On 12-01-04 at 12:26pm, Barak A. Pearlmutter wrote:
> > How can the Debian project rest assured that the binary indeed
> > is (only!) unpacking itself when executed?
> >
> > Also, that it is the case for _every_ new upstream release, not only
> > once when you cared to investigate closely.
>
> Although that is a serious issue, *exactly* the same issue is present
> for *all* upstream sources, not just waf files. How do we know that
> some new configure.ac is safe to run autoreconf;./configure on? How
> do we know that some new C sources are safe? How do we know that a
> TIF file does not contain executable instructions which are cleverly
> jumped into by a carefully crafted deliberate typo? As far as I can
> tell, waf files used in the build process are a bit painful to examine
> and audit, but then so are .m4 autoconf macros.
>
> So the true answer is that we do our best, but (at least, without
> formal methods) we cannot "rest assured" without manual checking,
> running inside sandboxes, syscall tracing, etc. And even then, our
> slumber should be somewhat uneasy.
>
> In this regard, waf files are no different from any other scripts
> executed at build time.

Well, the very issue is that the code is binary: After each
git-import-orig I skim imported changes with "git log -p --color-words".
Not bullet-proof but better than simply trusting upstream.

 - Jonas

--
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
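
An added example, not part of the original message or of any Debian tooling: skimming "git log -p" only covers files git can diff as text, so this sketch lists the files in an imported upstream range that git classified as binary and that therefore need another form of inspection. The function names, the ref arguments and the sample numstat lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Parses `git diff --numstat` output, where a file that git
# treated as binary has "-" in both the added and the deleted column.
# For such files `git log -p` prints only "Binary files ... differ".

# Read numstat lines on stdin, print the paths of binary entries.
binary_paths() {
    awk -F '\t' '$1 == "-" && $2 == "-" { print $3 }'
}

# Read numstat lines on stdin, report how many changed files can be
# reviewed as text diffs and how many are opaque to a diff review.
review_summary() {
    awk -F '\t' '
        $1 == "-" && $2 == "-" { bin++; next }
        NF >= 3                { text++ }
        END { printf "text=%d binary=%d\n", text, bin }'
}

# Hypothetical wrapper: binary files changed between two imported upstream
# versions. Both refs are supplied by the caller. --no-renames keeps one
# plain path per line; git C-quotes paths with unusual characters.
unreviewable_in_import() {
    old_ref=$1
    new_ref=$2
    git diff --numstat --no-renames "$old_ref" "$new_ref" | binary_paths
}

# Constructed sample of numstat output (tab-separated). Which files git
# really classifies as binary depends on their content.
sample_numstat() {
    printf '%s\t%s\t%s\n' \
        12 3 configure.ac \
        -  - waf \
        40 8 src/main.c \
        -  - doc/logo.png
}
```

Called as unreviewable_in_import OLD NEW after an import, an empty result means every changed file appeared as a readable diff in the log.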