[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gentoo-dev
Subject:    Re: [gentoo-dev] Non-root emerges
From:       Ned Ludd <solar () gentoo ! org>
Date:       2004-09-30 19:55:39
Message-ID: 1096574139.6464.1.camel () simple
[Download RAW message or body]


On Thu, 2004-09-30 at 15:21, Stephen P. Becker wrote:
>   > Remember, it's not just security though.  A bug in a script when run
> > as root could wipe out all or parts of a system.
> > 
> 
> ...which is the reason why we have sandbox.  FEATURES="sandbox" causes 
> an emerge to terminate immediately with an access violation if it 
> attempts to touch system files before the build is complete.
> 
> I'm not saying you are wrong by the way, I'm just pointing out that 
> stuff like this has been thought of before, so portage has safety nets 
> accordingly.

And sandbox does such a good job.

cd /usr/lib/portage/bin/ &&  HOME=`perl -e 'print "A"x512'` && ./sandbox
========================== Gentoo linux path sandbox
===========================
Detection of the support files.
Verification of the required files.
Setting up the required environment variables.
sandbox: stack smashing attack in function setenv_sandbox_write()
Aborted

> 
> Steve
> 
> 
> 
> --
> gentoo-dev@gentoo.org mailing list
-- 
Ned Ludd <solar@gentoo.org>
Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]