Authentication could be handled with a simple command line "--allow [insert IPs here]" like the distccd daemon does, or were you thinking 'command line parsing' to make sure a command like "rm /" doesn't do any actual damage... Both (in some form) would be prudent. ;-)

An --allow option doesn't prevent IP spoofing and things. I will admit the chances of that happening are slim, but it's a bad enough risk to have to guard against it.

A good security mechanism would be using SSL certificates, but those aren't exactly nice to maintain and just add more complexity.

Basically what I think should be implemented at some time (it can be in the future, as we don't need to worry about it now, but it's good to at least have some idea where we're heading with it all) is a way to prove to the server that you are authorized. Your IP address may not be reliable, especially if you have a dynamic one (and restarting all your alfs servers is a pain; I'd rather send a password à la ssh).

Command line parsing, like you mentioned, is something we should think about too. Running "rm -r / usr/src/packagedir" is indeed a bad typo to get stuck with. And I'm sure most of us have "been there, done that" at least once in our lives.

There are other ways around that of course: don't do anything as root, except the 'make install' phase and other installation-related commands. That way you at least guarantee you don't rm -r / by accident.

--
Gerard Beekmans

/* If Linux doesn't have the solution, you have the wrong problem */

--
http://linuxfromscratch.org/mailman/listinfo/alfs-discuss
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
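The "rm -r / usr/src/packagedir" typo discussed above, and the kind of command-line parsing guard the thread asks for, as an added example that is not part of this thread or of ALFS: a Python check that splits a command the way a shell would and refuses destructive commands whose path arguments resolve to the filesystem root or outside an assumed build prefix. The prefix, the set of destructive commands and the function name are assumptions.

```python
"""Constructed command guard for a build server (added example, not ALFS code).

A stray space turns "rm -r /usr/src/packagedir" into "rm -r / usr/src/packagedir",
which asks rm to delete "/" first. The guard resolves every non-option argument
of a destructive command and refuses any target that is the root directory or
lies outside the allowed build tree. Symlinks are not resolved here (normpath
only) so the check stays deterministic; a deployment would add os.path.realpath.
"""
import os
import shlex

# Assumed policy: commands treated as destructive, and the only tree they may touch.
DESTRUCTIVE = {"rm", "rmdir", "mv", "chmod", "chown"}
BUILD_PREFIX = "/usr/src"


def check_command(cmdline: str, cwd: str = BUILD_PREFIX,
                  prefix: str = BUILD_PREFIX) -> list:
    """Return the reasons the command must be refused; an empty list means allowed."""
    try:
        argv = shlex.split(cmdline)          # shell-style word splitting
    except ValueError as exc:                # unbalanced quotes etc.
        return ["unparseable command line: %s" % exc]
    if not argv:
        return ["empty command"]
    if os.path.basename(argv[0]) not in DESTRUCTIVE:
        return []                            # non-destructive commands pass through

    prefix = os.path.normpath(prefix)
    reasons = []
    for arg in argv[1:]:
        if arg.startswith("-"):              # option such as -r, -f or "--"
            continue
        # Relative paths are interpreted against the build server's cwd.
        target = os.path.normpath(os.path.join(cwd, arg))
        if target == os.sep:
            reasons.append("refusing to touch the filesystem root via %r" % arg)
        elif target != prefix and not target.startswith(prefix + os.sep):
            reasons.append("%r resolves to %s, outside %s" % (arg, target, prefix))
    return reasons


if __name__ == "__main__":
    for cmd in ("rm -r /usr/src/packagedir", "rm -r / usr/src/packagedir"):
        print(cmd, "->", check_command(cmd) or "allowed")
```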
