On Sun, 21 Jun 2009 10:43:27 +0200
Patrick Lauer <patr...@gentoo.org> wrote:
> > > > How much do you trust the people running the overlays listed in
> > > > layman?
> > >
> > > VirtualBox.
> >
> > And how do you use VirtualBox to prevent one malicious person from
> > running arbitrary code on the system of anyone using any layman
> > overlay?
>
> Ah. I thought you were referring to the issues involved in sourcing
> ebuilds.

I am.

> But as you shift the discussion now ... well ... right now we allow
> almost everyone to add an overlay to the layman config. So we trust
> overlay maintainers not to screw users.
>
> The metadata cache is "inert" in the sense that it isn't executable
> code (and if anyone tries to execute it ... "You're doing it wrong"
> comes to mind), so adding it does not pessimize the situation.

But generating that cache means running code, and one of the things that
code could do is modify every overlay distributed by the box in question
such that anyone using any of those overlays will run arbitrary code
whenever they do emerge -p world.

> Hmm. I can't think of any sane way to prevent people from writing bad
> ebuilds. And I also can't think of a reliable method to detect such
> or prevent users from trying to use them. In short, we just have to
> trust people. As a sidenote, we just randomly trust devs too. And it
> usually works ...

There's a big difference between the levels of verification done for
developers and that which is done for overlay maintainers. Currently, any
overlay maintainer can root any box on which their overlay is used
(whether or not anything from that overlay is installed).

You're escalating this to any layman-listed overlay maintainer being able
to root any box using any layman-listed overlay.

-- 
Ciaran McCreesh