Re: Question about build dependencies.
On Mon, Dec 17, 2001 at 05:19:07PM -0500, Joey Hess wrote:
> Anyway, one can put a cvs checkout in the build rule w/o breaking any
> autobuilders, if you're really careful. base-config has had this for
> ages, without causing any problems:
Sure. But it does open a security risk. If people manage to trick the
builder into downloading files from their server instead the real one,
and use them for building the package, this can lead to serious problems.
In your example, it does 'only' affect a list of mirror (attacker could
include his own mirror address). In examples where code is downloaded[1], the
binaries could include trojans etc. As the source and build tree is often
deleted shortly after building, it would be very hard to even notice such an
attack.
Sure, the cost for an attacker to do this is high. But it's a weak member
of a chain, and would defeat all signatures and other methods we try to
apply to make our system secure.
In theory, packages should never be built on network connected machines.
That this is unrealistic is clear. However, in theory this also would mean
that such features as your example provided are never used. :)
Thanks,
Marcus
[1] Such an example existed, some binutils-* package did this.
--
`Rhubarb is no Egyptian god.' Debian http://www.debian.org brinkmd@debian.org
Marcus Brinkmann GNU http://www.gnu.org marcus@gnu.org
Marcus.Brinkmann@ruhr-uni-bochum.de
http://www.marcus-brinkmann.de
Reply to: