On Sun, May 27, 2018 at 8:19 PM, Ralf Friedl <[email protected]> wrote:
> Denys Vlasenko wrote:
>>
>> wget should work for common use cases.
>> Such as downloading sources of kernels, gcc and such.
>> From build scripts, not only by hand.
>> Without having to modify said scripts.
>> Your patch breaks that.
>> NAK.
>>
>> I don't care that security people are upset.
>> They are paranoid, it's part of their profession.
>> It does not mean everybody else has to be as paranoid.
>
> I must admit I'm surprised by this statement.

I was surprised when one distro's security people decided to disable ptrace
for non-root users. Because "they don't need it, and it's more secure that way".
Unprivileged users suddenly not being able to strace their own processes
was seen as unimportant. Only a flood of thousands of irate emails made
them understand that computers have other purposes apart from being
extremely secure.

> You add paranoid changes to programs like cp, unlinking the target in direct
> violation of POSIX, breaking some use cases. There was recent discussion
> about modifying the extraction of TAR and other archives, which introduced
> new problems and regressions.
> While there is nothing wrong with being careful, busybox is mainly used on
> single user systems, so it is unlikely that there is another user to create
> race conditions to exploit.

You misunderstood the nature of "tarball attacks". They are not local.

> On the other hand, not checking https means transfers could be attacked by
> someone anywhere on the network, not only a local user on the machine, so
> the number of potential attackers is much larger, and you don't even print a
> warning that the remote identity is not checked.

We used UNENCRYPTED !!! ftp and http for ~50 years, and somehow
civilization did not collapse. Somehow, when people needed security,
they found ways to ensure it.

There needs to be a balance. Security considerations do not automatically
override everything.
_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox
