On Sat, 2005-01-08 at 13:07 +0000, Ian Leitch wrote: > Gentoo Linux Remote Package Building Service > ============================================ *snip* > In a nutshell, emerge requests made on the production system are sent to > a "build server", which compiles the package(s) and notifies the > production server when the binary package is ready for download. > > The build server would run a daemon which listens for requests, and are > authenticated by client ID. Each client (production server) registers > itself with the build server, at which point the system's CHOST, CFLAGS, > USE etc are sent and stored on the build server.
Since this uses the same basic principle of distcc I will quote from the distcc whitepaper[1]: """Remote execution of compile jobs introduces a trust relationship between the client and server machines. The client completely trusts the server to compile code correctly. A corrupt server could introduce malicious code into the results, or attack the client in other ways. The server completely trusts an authorized client. A malicious client could execute arbitrary commands on the server. ... Because the server and client necessarily trust each other, there has been no security audit of the code that runs after a connection is established. It is possible that a hostile server could gain control of a client directly, as well as modifying the object code.""" What guarantees are there that a malicious person doesn't set up a server and inject code? If this is just an isolated network between one user and hir second box then it's a great idea. However, opening up the project to the Internet is just a bad idea waiting to happen. -- Lisa Seelye <[EMAIL PROTECTED]> Gentoo Foundation
signature.asc
Description: This is a digitally signed message part
