
How to improve Debian security, and avoid trojans...



I think that the greatest risk for Debian is to accept compiled packages.

Developers shouldn't be allowed to upload .deb's. That way, to upload a
trojan a developer would need to upload the source for the trojan. And
that's way more detectable.
 Now I can easily build a .deb with a trojan, and a source file without a
trojan. That is much more difficult to detect.

 Now..

 Developers would upload only source packages. The load needed to build
every uploaded package may be important. So the work can be handled by
several *VERY* trusted machines on the net (3 or 4). The machine would
periodically check an ftp dir on master / download the source packages
/ build them / and upload the .deb. This could be done with low priority..
something like the RC5 contest.. =)
 Igor Grobman pointed out (in IRC, you should visit the Debian channel at
undernet =) ) that the need to build packages as root would be a security
risk to the host machine. I think that it's time to modify dpkg/tar/the
build process to handle this. tar should be modified to accept a file with
the uids/gids of the files being tarred.

 What do you think?

-- 
Nicolás Lichtmaier.-  | From Buenos Aires,
nick@feedback.com.ar  |      Argentina!
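
An added example, not part of the original message and not dpkg or tar code: a sketch of the manifest idea from the post, where an unprivileged build process writes a tar archive whose file ownership comes from a manifest instead of from the filesystem. The manifest format (`path uid gid octal-mode`), the sample entries and the function names are assumptions made for illustration.

```python
import io
import tarfile

# Constructed sample manifest (hypothetical format): "path uid gid octal-mode"
MANIFEST = """\
usr/bin/hello 0 0 0755
usr/share/doc/hello/README 0 0 0644
var/lib/hello/state 1000 1000 0640
"""

def parse_manifest(text):
    """Return {path: (uid, gid, mode)}, rejecting malformed or unsafe entries."""
    owners = {}
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) != 4:
            raise ValueError(f"manifest line {n}: expected 4 fields")
        path, uid, gid, mode = fields
        if path.startswith("/") or ".." in path.split("/"):
            raise ValueError(f"manifest line {n}: unsafe path {path!r}")
        owners[path] = (int(uid), int(gid), int(mode, 8))
    return owners

def build_archive(files, owners):
    """Pack {path: bytes} into a tar; ownership comes from the manifest,
    not from the filesystem, so the builder never has to run as root."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path in sorted(files):
            if path not in owners:
                raise KeyError(f"{path}: no ownership entry in manifest")
            info = tarfile.TarInfo(name=path)
            info.size = len(files[path])
            info.uid, info.gid, info.mode = owners[path]
            info.mtime = 0  # fixed timestamp keeps the output deterministic
            tar.addfile(info, io.BytesIO(files[path]))
    return buf.getvalue()

def list_owners(archive):
    """Read back the ownership recorded in the archive headers."""
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        return {m.name: (m.uid, m.gid, m.mode) for m in tar}

if __name__ == "__main__":
    owners = parse_manifest(MANIFEST)
    archive = build_archive({p: b"demo\n" for p in owners}, owners)
    for name, (uid, gid, mode) in list_owners(archive).items():
        print(f"{mode:04o} {uid}:{gid} {name}")
```

Files missing from the manifest are refused rather than given a default owner, so an unexpected file in the build tree fails the build instead of shipping silently.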

