Gentoo Archives: gentoo-security

From: Alexander Holler <holler@××××××××××.de>
To: gentoo-security@l.g.o
Subject: [gentoo-security] Gentoo's security
Date: Mon, 08 Nov 2004 02:01:29
1 Hi again,
3 I couldn't resist and have read some messages, and I belive some people
4 are missing the point.
6 It's really easy:
8 There are many kinds of funny security things in a Linux/Unix
9 environment to protect the user from software failures (like typos rm ./
10 -> rm /) or attackers. People normally don't use the root account, are
11 building chroots for specific programs, some programs are getting
12 special rights or user accounts, or even stuff like selinux and grsecurity.
13 Portage/emerge also does some things, there are the digests which
14 ensures that the software fetched is not changed (again either by error
15 or an attacker) and there is the sandbox to ensure the
16 installation-scripts from the packages don't delete or overwrite files
17 they shouldn't (again either by error or an attacker).
19 But then there are the ebuilds and the eclasses. This are scripts often
20 changed and fetched unchecked from the internet.
22 And those are normally run as root.
24 And this normally happens on a daily or weekly basis.
26 So you have on the one side carefully crafted environments to protect
27 the system/user from software-failures or attackers, but on the other
28 side there is portage which is run regulary and is fetching scripts from
29 the internet which are run unchecked by root.
31 I think this explains why I doesn't understand that nobody cares about that.
33 Kind regards,
35 Alexander Holler
37 --
38 gentoo-security@g.o mailing list


Subject Author
Re: [gentoo-security] Gentoo's security Jason Stubbs <jstubbs@××××××××××.jp>