I'd like to collect ideas for isolation of packages from each other and sandboxing or restriction of their capabilities on the system.
Currently many install time actions for rpms require scripts and there are many directories where placing files can indirectly trigger running code as root.
The xz compromise did not use this route, but it was a case of malicious build scripts not being caught during the software distribution process. While library sandboxing would have prevented it, there would still then be one other way open for a package with a malicious build script that provides this library. It could influence the package build so that the resulting package runs malicious code as root on installation. There are many packages with too few people to review all of them in sufficient detail. But most packages luckily do not need to run code as root.
Previously a plugin to restrict scripts somewhat was added to rpm: #2666
A somewhat related discussion is preventing artifact modification after %build: #3009
I have described ideas on how to prevent this: https://github.com/affording-open/package-sandboxing
Can rpm implement package level isolation? How? Should it? Alternatives?
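The post's observation that both install-time scriptlets and files dropped into certain directories end up running code as root suggests a policy check a distribution could run over specs before build. The following is an added example, not code from the rpm project or from the post's author: a spec-file audit that reports every scriptlet with its interpreter and non-comment line count, and flags %files entries landing in directories a root process later consumes. The AUTORUN_DIRS and DEFAULT_MACROS tables and the sample spec are constructed, illustrative assumptions for this example, not rpm's own data.

```python
"""Audit an RPM spec for code that would run as root at install time.

Added example, not rpm project code. AUTORUN_DIRS and DEFAULT_MACROS are
assumed, non-exhaustive tables; the sample spec at the bottom is constructed.
"""
import re

SCRIPTLET_SECTIONS = {
    "%pretrans", "%pre", "%post", "%preun", "%postun", "%posttrans",
    "%triggerprein", "%triggerin", "%triggerun", "%triggerpostun",
    "%filetriggerin", "%filetriggerun", "%filetriggerpostun",
    "%transfiletriggerin", "%transfiletriggerun", "%transfiletriggerpostun",
}
# These also start a section, so they terminate a preceding scriptlet body.
OTHER_SECTIONS = {"%package", "%description", "%prep", "%build", "%install",
                  "%check", "%clean", "%files", "%changelog"}
# Directories whose contents cron, ld.so, sudo, PAM, systemd or udev later act
# on as root. Assumed, illustrative list for this example.
AUTORUN_DIRS = (
    "/etc/cron.d/", "/etc/cron.daily/", "/etc/cron.hourly/", "/etc/ld.so.preload",
    "/etc/ld.so.conf.d/", "/etc/profile.d/", "/etc/sudoers.d/", "/etc/pam.d/",
    "/etc/systemd/system/", "/usr/lib/systemd/system/", "/etc/udev/rules.d/",
    "/usr/lib/udev/rules.d/", "/usr/lib/tmpfiles.d/", "/usr/lib/sysusers.d/",
)
# Assumed expansions for common path macros so %files entries can be compared.
DEFAULT_MACROS = {"_bindir": "/usr/bin", "_sbindir": "/usr/sbin", "_sysconfdir": "/etc",
                  "_unitdir": "/usr/lib/systemd/system", "_libdir": "/usr/lib64",
                  "_udevrulesdir": "/usr/lib/udev/rules.d", "_tmpfilesdir": "/usr/lib/tmpfiles.d"}

SECTION_RE = re.compile(r"^(%[A-Za-z]+)(.*)$")          # "%post -p /bin/bash"
FILE_DIRECTIVE_RE = re.compile(r"^%\w+(\([^)]*\))?\s*")  # "%config(noreplace) "
MACRO_RE = re.compile(r"%\{(\w+)\}")


def parse_sections(spec_text):
    """Return [(name, options, body_lines)]; text before any section is '%preamble'."""
    sections, current = [], ["%preamble", "", []]
    for raw in spec_text.splitlines():
        m = SECTION_RE.match(raw)
        name = m.group(1) if m else None
        if name in SCRIPTLET_SECTIONS or name in OTHER_SECTIONS:
            sections.append(tuple(current))
            current = [name, m.group(2).strip(), []]
        else:  # macro lines such as %systemd_post or %{...} stay in the body
            current[2].append(raw)
    sections.append(tuple(current))
    return sections


def file_entry_path(line):
    """Strip leading %attr/%config/%dir directives from a %files line and expand macros."""
    line = line.strip()
    while line.startswith("%"):
        m = FILE_DIRECTIVE_RE.match(line)  # a %{macro} is not a directive: no match
        if not m:
            break
        line = line[m.end():]
    if not line or line.startswith("#"):
        return None
    return MACRO_RE.sub(lambda m: DEFAULT_MACROS.get(m.group(1), m.group(0)), line.split()[0])


def audit_spec(spec_text):
    """Report scriptlets and autorun-directory files; both lead to code running as root."""
    scriptlets, autorun_files = [], []
    for name, opts, body in parse_sections(spec_text):
        if name in SCRIPTLET_SECTIONS:
            code = [ln for ln in body if ln.strip() and not ln.lstrip().startswith("#")]
            interp = re.search(r"-p\s+(\S+)", opts)  # "%post -p /sbin/ldconfig" has no body
            scriptlets.append({"section": name, "options": opts,
                               "interpreter": interp.group(1) if interp else "/bin/sh",
                               "lines": len(code)})
        elif name == "%files":
            for line in body:
                path = file_entry_path(line)
                if path and path.startswith(AUTORUN_DIRS):
                    autorun_files.append(path)
    return {"scriptlets": scriptlets, "autorun_files": autorun_files}


# Constructed sample spec for this example; not a real package.
SAMPLE_SPEC = """\
Name:           example-agent
%{?systemd_requires}

%description
Constructed sample, not a real package.

%post -p /bin/bash
%systemd_post agent.service
# constructed: nothing here needs root at install time, so the audit reports it
/usr/bin/agent --register

%preun
%systemd_preun agent.service

%postun -p /sbin/ldconfig

%files
%license LICENSE
%{_bindir}/agent
%{_unitdir}/agent.service
%config(noreplace) /etc/cron.d/agent
"""

if __name__ == "__main__":
    for key, items in audit_spec(SAMPLE_SPEC).items():
        print(key, items)
```

On the sample, the audit reports three scriptlets (the %post body running two commands under /bin/bash, the one-line %preun, and an interpreter-only %postun) and two files in autorun directories (the systemd unit and the cron.d entry). A distribution could treat the first list as the set of packages that genuinely need install-time root code and require review for anything outside it, which is the small set the post says most packages do not belong to.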