-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Patrick Lauer wrote:
>>> The metadata cache is "inert" in the sense that it isn't executable
>>> code (and if anyone tries to execute it ... "You're doing it wrong"
>>> comes to mind), so adding it does not pessimize the situation.
>> But generating that cache means running code, and one of the things
>> that code could do is modify every overlay distributed by the box in
>> question such that anyone using any of those overlays will run
>> arbitrary code whenever they do emerge -p world.
>
> Good, this means we have to isolate it so that only each overlay itself
> exists in an environment that generates the metadata cache. A bit
> bothersome, but nothing more than adding a line or two to the script(s)
> that drive(s) this process.
If you generate a user with a separate uid for each overlay then that
will probably provide a sufficient level of privilege isolation.
- --
Thanks,
Zac
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)

iEYEARECAAYFAko+d2MACgkQ/ejvha5XGaPzJQCeIg2d8MVhJTyhZWKCQGtZnY3V
Dk8An0f8WnJL/lb7iJZzlB+hxQDfNLTG
=pXrm
-----END PGP SIGNATURE-----
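The per-overlay-uid scheme Zac suggests above, worked out as a driver script. This is an added example, not code from the thread or from Gentoo's infrastructure. It assumes each overlay is checked out under $OVERLAY_ROOT/<name> and is already registered with Portage, that the cache generator is Portage's egencache (the message never names the tool), and that useradd and su are the shadow/util-linux versions found on a typical Linux host. The account names, the directory layout and the "ovl-" prefix are all made up for the example. The part a practitioner should keep is check_isolation: a separate uid only helps if overlay B's tree is neither owned by overlay A's uid nor writable by others, so the script verifies that before it lets any generator run.

```shell
#!/bin/sh
# Example (not from the original message): run the metadata-cache generator
# for each overlay under its own uid, so a malicious ebuild in overlay A
# cannot rewrite overlay B while A's cache is being generated.
# Assumed: overlays live at $OVERLAY_ROOT/<name>, the generator is egencache,
# useradd/su are the shadow/util-linux tools. Names below are hypothetical.
set -eu

OVERLAY_ROOT="${OVERLAY_ROOT:-/var/lib/overlay-mirror}"
USER_PREFIX="${USER_PREFIX:-ovl-}"

# Accept only overlay names that are safe to interpolate into useradd/su/chown
# command lines (no shell metacharacters, no leading '-', no '.' or '..') and
# short enough that prefix + name fits a 32-character login name.
valid_overlay_name() {
    case $1 in
        ''|.|..|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 24 ]
}

# Dedicated account for one overlay, e.g. "sunrise" -> "ovl-sunrise".
overlay_user() {
    printf '%s%s\n' "$USER_PREFIX" "$1"
}

# Create the account once: system uid, no home, no login shell.
ensure_user() {
    id -u "$1" >/dev/null 2>&1 && return 0
    useradd --system --no-create-home --shell /sbin/nologin "$1"
}

# Return 0 only if $1 exists, every file under it is owned by uid $2, and
# nothing is writable by others. Either violation would let a generator run
# for some other overlay tamper with this one, defeating the uid split.
check_isolation() {
    dir=$1 uid=$2
    [ -d "$dir" ] || return 1
    bad=$(find "$dir" \( ! -uid "$uid" -o -perm -002 \) -print | head -n 1)
    [ -z "$bad" ]
}

# Hand overlay $1 to its uid: owner may write, everyone else may only read.
lock_overlay() {
    user=$(overlay_user "$1")
    chown -R "$user" "$OVERLAY_ROOT/$1"
    chmod -R u=rwX,go=rX "$OVERLAY_ROOT/$1"
}

# Run the generator as the overlay's uid with a fresh login environment
# (-l), overriding the nologin shell (-s) only for this one command.
generate_cache() {
    user=$(overlay_user "$1")
    su -l -s /bin/sh -c "egencache --update --repo=$1" "$user"
}

generate_all() {
    for path in "$OVERLAY_ROOT"/*/; do
        name=${path%/}; name=${name##*/}
        if ! valid_overlay_name "$name"; then
            echo "skipping overlay with unsafe name: $name" >&2
            continue
        fi
        user=$(overlay_user "$name")
        ensure_user "$user"
        lock_overlay "$name"
        if ! check_isolation "$OVERLAY_ROOT/$name" "$(id -u "$user")"; then
            echo "refusing to run generator: $name is not isolated" >&2
            continue
        fi
        generate_cache "$name"
    done
}

# Only touch the system when explicitly asked; the functions above can be
# sourced and exercised without root.
if [ "${1:-}" = "--run" ]; then
    generate_all
fi
```

Run as root with `--run` from cron. Note what the uid split does and does not buy: overlay A's generator can still read every other overlay (they are public anyway), and it can still do anything the network allows, so the script is a privilege boundary for the overlay trees only, not a sandbox for the ebuild code itself.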