there are many files out there that contain critical information about your system ... lets look at /etc/shadow
baselayout installs this file, yet it is not listed in CONTENTS for a very
good reason ... if someone were to run `quickpkg baselayout` and post the
file somewhere, they could easily have done so without realizing the
implications. social engineering on irc for example would be trivial to
accomplish this and say hello to my little root shell.
however, there are certainly cases where the admin fully knows what they're
doing and they want to create a binary package of their system with these
sensitive files ... so where to meet in the middle.
mayhaps we need a new function to be run in src_install() to label files
as "sensitive" ... so baselayout would do:
esosensitive /etc/{fstab,group,passwd,shadow}
and then we expand the format of CONTENTS in the vdb:
priv /etc/fstab <hash> <mtime>
any other potential ideas ? (pretend my idea here isnt the greatest thing
since Robot Chicken)
-mike
signature.asc
Description: This is a digitally signed message part.
