Lisa Seelye wrote:
| Since this uses the same basic principle of distcc I will quote from the
| distcc whitepaper[1]:
|
| """Remote execution of compile jobs introduces a trust relationship
| between the client and server machines. The client completely trusts the
| server to compile code correctly. A corrupt server could introduce
| malicious code into the results, or attack the client in other ways. The
| server completely trusts an authorized client. A malicious client could
| execute arbitrary commands on the server.
|
| ...
|
| Because the server and client necessarily trust each other, there has
| been no security audit of the code that runs after a connection is
| established. It is possible that a hostile server could gain control of
| a client directly, as well as modifying the object code."""
|
| What guarantees are there that a malicious person doesn't set up a
| server and inject code?
|
| If this is just an isolated network between one user and hir second box
| then it's a great idea. However, opening up the project to the Internet
| is just a bad idea waiting to happen.

It's for internal networks only. This system will do very little (apart from tunneling data through ssh maybe) to heighten the degree of trust on the build server.

No machine is 100% safe, yet people still trust their internal firewall to correctly block and re-divert ports. The same goes for the build server. Ultimately it's the administrator's responsibility to make the build server secure enough to be trusted.
-- [email protected] mailing list
