Re: Lintian clean?

To: debian-mentors@lists.debian.org
Subject: Re: Lintian clean?
From: Russ Allbery <rra@debian.org>
Date: Mon, 04 May 2009 13:12:30 -0700
Message-id: <[🔎] 87hc00r5jl.fsf@windlord.stanford.edu>
In-reply-to: <[🔎] 49FF4AA7.8070902@debian.org> ("Patrick Matthäi"'s message of "Mon\, 04 May 2009 22\:05\:59 +0200")
References: <a1dfbff90903260721o20b8502aw616c6fb25ae68475@mail.gmail.com> <[🔎] 200905021803.52884@proffe.kibibyte.se> <[🔎] 86ecb3c70905021032s2bc9a1ceid293b06869ea446e@mail.gmail.com> <[🔎] 200905022057.00222@proffe.kibibyte.se> <[🔎] 20090503102602.zyv9oycso4w4csoc@spnet.net> <[🔎] e13a36b30905030056j2f141ca1u5ec2a782f1550f21@mail.gmail.com> <[🔎] 20090503202507.GA2803@chistera.yi.org> <[🔎] e13a36b30905040343h7ceb35e0ud55707ec2e89ceb3@mail.gmail.com> <[🔎] 8763ggtz5y.fsf@windlord.stanford.edu> <[🔎] 49FF4AA7.8070902@debian.org>

Patrick Matthäi <pmatthaei@debian.org> writes:
> Russ Allbery schrieb:

>> Given that anyone can upload packages to mentors, this seems like a
>> fairly worrisome security risk.

> Why that? It may be implemented as the current Debian buildd network.
> OpenSuSE is also providing such a buildd service for their users, but
> yeah, we need more buildd servers for that (if the pkgs should be
> realy build for every arch).

Builds are conventionally done as root under sbuild, and you can break
out of chroots when you're root, thus enabling an attacker to upload a
package that compromises the security of the buildd.  Even if we
implement a fakeroot-based build server, you're giving essentially
random people on the Internet control over a local account on a system,
and there are a lot of local root exploits.  That's a pretty heavy
security commitment for the system.  You'd at least want to use SELinux
pretty heavily, I'd think.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: Lintian clean?
  - From: Roger Leigh <rleigh@codelibre.net>

References:
- Re: RFS: mpview
  - From: Magnus Holmgren <holmgren@debian.org>
- Re: RFS: mpview
  - From: Dmitrijs Ledkovs <dmitrij.ledkov@gmail.com>
- Lintian clean? (was: Re: RFS: mpview)
  - From: Magnus Holmgren <holmgren@debian.org>
- Re: Lintian clean? (was: Re: RFS: mpview)
  - From: George Danchev <danchev@spnet.net>
- Re: Lintian clean? (was: Re: RFS: mpview)
  - From: Paul Wise <pabs@debian.org>
- Re: Lintian clean? (was: Re: RFS: mpview)
  - From: Adeodato Simó <dato@net.com.org.es>
- Re: Lintian clean? (was: Re: RFS: mpview)
  - From: Paul Wise <pabs@debian.org>
- Re: Lintian clean?
  - From: Russ Allbery <rra@debian.org>
- Re: Lintian clean?
  - From: Patrick Matthäi <pmatthaei@debian.org>

Prev by Date: Re: Lintian clean?
Next by Date: Re: Lintian clean? (was: Re: RFS: mpview)
Previous by thread: Re: Lintian clean?
Next by thread: Re: Lintian clean?
Index(es):
- Date
- Thread