Re: Lintian clean?
Patrick Matthäi <pmatthaei@debian.org> writes:
> Russ Allbery wrote:
>> Given that anyone can upload packages to mentors, this seems like a
>> fairly worrisome security risk.
> Why that? It may be implemented as the current Debian buildd network.
> OpenSuSE is also providing such a buildd service for their users, but
> yeah, we need more buildd servers for that (if the pkgs should be
> really built for every arch).
Builds are conventionally done as root under sbuild, and you can break
out of chroots when you're root, thus enabling an attacker to upload a
package that compromises the security of the buildd. Even if we
implement a fakeroot-based build server, you're giving essentially
random people on the Internet control over a local account on a system,
and there are a lot of local root exploits. That's a pretty heavy
security commitment for the system. You'd at least want to use SELinux
pretty heavily, I'd think.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>