Patrick Matthäi <pmatth...@debian.org> writes:
> Russ Allbery wrote:

>> Given that anyone can upload packages to mentors, this seems like a
>> fairly worrisome security risk.

> Why that? It may be implemented as the current Debian buildd network.
> OpenSuSE is also providing such a buildd service for their users, but
> yeah, we need more buildd servers for that (if the pkgs should be
> really built for every arch).

Builds are conventionally done as root under sbuild, and you can break out
of chroots when you're root, thus enabling an attacker to upload a package
that compromises the security of the buildd. Even if we implement a
fakeroot-based build server, you're giving essentially random people on
the Internet control over a local account on a system, and there are a lot
of local root exploits.

That's a pretty heavy security commitment for the system. You'd at least
want to use SELinux pretty heavily, I'd think.

-- 
Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>