Carsten Lohrke <[EMAIL PROTECTED]> posted
[EMAIL PROTECTED], excerpted below, on  Fri, 23 Feb 2007
14:22:05 +0100:

> I consider the preserve-libs functionality one of the biggest
> security threats for Gentoo users. You may dismiss this, saying the
> problem sits in front of the keyboard, but I'm telling you this is
> careless and that we can do better:
> 
> echo "/path/to/preserved.so" >> /var/lib/portage/preserved_libs
> 
> stores the libraries, and each time emerge is run Portage can look up
> whether the file lists libraries and check whether those exist; if not,
> remove the lines, or otherwise warn the user about the possibly
> vulnerable libraries and tell him what to do.

+1 here!  During my own sysadmin-ings, I've wondered why there wasn't 
such a list on several occasions.  It would make things /so/ much 
simpler, at least from the sysadmin perspective.  (Of course, I realize 
that's /not/ the same thing as simpler from a portage perspective, but 
anyway, that's what's being discussed here. =8^)

If this is added, I think it's big enough to have it mentioned in the 
handbook as well.  Having that handy list all nicely centralized to one 
location would be a /big/ boon to security-conscious Gentoo sysadmins 
everywhere, so it's easily worth mentioning in the handbook as one of the 
valuable tools portage provides.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

-- 
gentoo-portage-dev@gentoo.org mailing list
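
The check proposed in the quoted mail, sketched as a shell function. This is an added example, not code from Portage or from either poster; the function names are hypothetical, the list path is the one given in the mail, and the demo paths are constructed.

```shell
#!/bin/sh
# Added illustration, not Portage code. Function names are hypothetical.
# Default list location is the path proposed in the mail.
PRESERVED_LIST="${PRESERVED_LIST:-/var/lib/portage/preserved_libs}"

# Audit the list: drop entries whose file no longer exists (and duplicate
# lines left by repeated appends), warn on stderr about every library that
# is still installed, and print the number of surviving entries on stdout.
audit_preserved_libs() {
    list="${1:-$PRESERVED_LIST}"
    [ -f "$list" ] || { echo 0; return 0; }      # no list, nothing preserved
    tmp="$(mktemp "${list}.XXXXXX")" || return 1
    kept=0
    while IFS= read -r lib || [ -n "$lib" ]; do
        [ -n "$lib" ] || continue                # skip blank lines
        if [ -e "$lib" ] || [ -L "$lib" ]; then
            if ! grep -qxF -- "$lib" "$tmp"; then
                printf '%s\n' "$lib" >> "$tmp"
                kept=$((kept + 1))
                echo "WARNING: preserved library still installed: $lib" >&2
            fi
        fi
    done < "$list"
    # Overwrite in place so the list keeps its owner and permissions.
    cat "$tmp" > "$list" || return 1
    rm -f "$tmp"
    if [ "$kept" -gt 0 ]; then
        echo "These may be outdated and vulnerable: rebuild the packages" >&2
        echo "that link against them, then remove the old libraries." >&2
    fi
    echo "$kept"
}

# Constructed sample: one library still present (listed twice), one gone.
demo_preserved_libs() {
    d="$(mktemp -d)" || return 1
    : > "$d/libfoo.so.1"
    printf '%s\n' "$d/libfoo.so.1" "$d/libgone.so.2" "$d/libfoo.so.1" \
        > "$d/preserved_libs"
    audit_preserved_libs "$d/preserved_libs" 2>/dev/null   # prints 1
    rm -rf "$d"
}
```
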