
Re: Using buildds only (was: Results of the meeting...)

Hi Olaf!

Olaf van der Spek [2005-08-22 19:28 +0200]:
> > If we're starting to worry about what kind of damage a DD can do to the
> > world by providing some bogus uploads, let's just not.   Any DD can cause
> > code to be executed as root on a potentially very big number of machines
> > world wide, source-only uploads or not, and there are many ways to
> > obfuscate malicious code within a big, complex application.

Full ack.

> With a (far) better privilege system you could avoid running most if
> not all code as root, but that's another topic.

No, you can't. The naming (whether you call it root or whatever) is
insignificant. You can't write down a set of rules that describe which
actions are deemed "good" and "bad", and since packages do need fairly
many privileges to install and change files in a system, and execute
code (postinst, etc.), you can always screw up users' systems with a
malicious package.

That's why we mainly trust developers, not heuristics on the buildds.

Martin Pitt              http://www.piware.de
Ubuntu Developer   http://www.ubuntulinux.org
Debian Developer        http://www.debian.org

Attachment: signature.asc
Description: Digital signature
