| 1 |
Hi again, |
| 2 |
|
| 3 |
I couldn't resist and have read some messages, and I belive some people |
| 4 |
are missing the point. |
| 5 |
|
| 6 |
It's really easy: |
| 7 |
|
| 8 |
There are many kinds of funny security things in a Linux/Unix |
| 9 |
environment to protect the user from software failures (like typos rm ./ |
| 10 |
-> rm /) or attackers. People normally don't use the root account, are |
| 11 |
building chroots for specific programs, some programs are getting |
| 12 |
special rights or user accounts, or even stuff like selinux and grsecurity. |
| 13 |
Portage/emerge also does some things, there are the digests which |
| 14 |
ensures that the software fetched is not changed (again either by error |
| 15 |
or an attacker) and there is the sandbox to ensure the |
| 16 |
installation-scripts from the packages don't delete or overwrite files |
| 17 |
they shouldn't (again either by error or an attacker). |
| 18 |
|
| 19 |
But then there are the ebuilds and the eclasses. This are scripts often |
| 20 |
changed and fetched unchecked from the internet. |
| 21 |
|
| 22 |
And those are normally run as root. |
| 23 |
|
| 24 |
And this normally happens on a daily or weekly basis. |
| 25 |
|
| 26 |
So you have on the one side carefully crafted environments to protect |
| 27 |
the system/user from software-failures or attackers, but on the other |
| 28 |
side there is portage which is run regulary and is fetching scripts from |
| 29 |
the internet which are run unchecked by root. |
| 30 |
|
| 31 |
I think this explains why I doesn't understand that nobody cares about that. |
| 32 |
|
| 33 |
Kind regards, |
| 34 |
|
| 35 |
Alexander Holler |
| 36 |
|
| 37 |
-- |
| 38 |
gentoo-security@g.o mailing list |
Archives