David B Harris said [Tue, Oct 21, 2003 at 06:30:56PM -0400]:
> > Another argument: trojaned binaries can more easily happen on hundreds of
> > machines with different security policies. Not that I think auto builders are
> > safe from that, but the environment is more easily controllable.
>
> Yeah, instead of having to break into hundreds of maintainers' boxes to
> make sure that the binaries are trojaned, he only has to break into one.
>
> Familiar with the term "single point of failure"? :)

Yes, that's a point. But that would be a machine run by a responsible
administrator - I use a publicly accessible machine as my development
station, and you can be sure it is easier to break into than any official
debian.org machine. Even more, I run many potentially abusable services. And
I think many people have setups similar to (or possibly much worse than)
mine.

Here goes a bit of a wild idea, which could not be implemented today, but we
might want to push towards it:

Think of the BSDs' Union Filesystem - no such thing exists today in Linux,
but anyway... If you union-mount a filesystem on a directory of an existing
filesystem, the existing filesystem becomes read-only from that point on.
The original filesystem might in fact be mounted read-only. Every change
will only be made to the newly mounted filesystem - it will include all the
differences to the original FS.

Imagine we built an image of a minimal system, with all the build-essential
packages installed. This image is rebuilt each time a package in it is
modified. This image is signed in order to verify it has not been tampered
with. We union-mount over it a blank filesystem, over which we install the
build-dependencies of each package we want to build. There you go, you have
a freshly installed basic and as-perfect-as-it-can-be filesystem, ready to
roll your build.

Yes, this would consume many more resources than what we want right now,
but... It can be a worthy system to further investigate and play with for
the future... Or am I smoking too much crack? ;-)

Greetings,

-- 
Gunnar Wolf - gwolf@gwolf.cx - (+52-55)5630-9700 ext. 1366
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973 F800 D80E F35A 8BB5 27AF
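The signed base image plus blank writable layer described in the message above, as an added example that is not code from the original thread: it uses Linux OverlayFS (which did not exist when the mail was written) in place of a BSD union mount. Assumptions: IMAGE is a squashfs of the minimal build-essential system, IMAGE.asc is its detached PGP signature, KEYRING holds only the image-signing key, and the script runs as root.

```shell
#!/bin/sh
# Added example, not code from the original thread. Builds a package on top of
# a signed, read-only base image with every change captured in a throw-away
# upper layer (Linux OverlayFS standing in for a BSD union mount).
# Assumed inputs: IMAGE (squashfs of the minimal build-essential system),
# IMAGE.asc (detached PGP signature), KEYRING (holds only the signing key).
set -eu

# Refuse to use a base image that is missing or fails signature verification.
# Returns non-zero on any problem so callers can abort before mounting.
verify_image() {
    image=$1; sig=$2; keyring=$3
    [ -f "$image" ] && [ -f "$sig" ] && [ -f "$keyring" ] || return 1
    gpg --no-default-keyring --keyring "$keyring" --verify "$sig" "$image" 2>/dev/null
}

# Overlay option string: the verified image is the lower (read-only) layer,
# the blank upper layer receives every write made during the build.
overlay_opts() {
    printf 'lowerdir=%s,upperdir=%s,workdir=%s' "$1" "$2" "$3"
}

# Assemble the union root, install build-dependencies into the scratch layer,
# build, then tear everything down so nothing from this build survives.
build_in_union() {
    image=$1; pkg=$2; root=${3:-/tmp/unionbuild}
    mkdir -p "$root/lower" "$root/scratch" "$root/merged"
    mount -t squashfs -o loop,ro "$image" "$root/lower"   # base stays read-only
    mount -t tmpfs tmpfs "$root/scratch"                   # upper and work dirs must share a fs
    mkdir -p "$root/scratch/upper" "$root/scratch/work"
    mount -t overlay overlay \
        -o "$(overlay_opts "$root/lower" "$root/scratch/upper" "$root/scratch/work")" \
        "$root/merged"
    # Assumes the image's sources.list has deb-src lines for apt-get source.
    chroot "$root/merged" sh -c "apt-get update && apt-get build-dep -y $pkg \
        && cd /tmp && apt-get source $pkg && cd $pkg-*/ && dpkg-buildpackage -us -uc"
    cp "$root/scratch/upper/tmp/"*.deb . 2>/dev/null || true   # results live in the upper layer
    umount "$root/merged" "$root/scratch" "$root/lower"        # scratch layer is discarded
}

# Entry point: only runs when invoked as "run IMAGE KEYRING PACKAGE", so the
# functions above can also be sourced and tested without root.
if [ "${1:-}" = run ]; then
    [ $# -eq 4 ] || { echo "usage: $0 run IMAGE KEYRING PACKAGE" >&2; exit 2; }
    verify_image "$2" "$2.asc" "$3" || { echo "base image failed verification" >&2; exit 1; }
    build_in_union "$2" "$4"
fi
```

Because the lower layer is mounted read-only and the upper layer lives on tmpfs, a compromised build can only alter its own scratch layer; the next build starts again from the verified image.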