security projects thoughts

Thomas de Grivel billitch at gmail.com
Wed Apr 13 01:17:25 PDT 2011 

Sorry Bayard I misread your name.

Le 04/13/11 10:15, Thomas de Grivel a écrit :
> Lol Jordan
>
> This man comes with a sound project, basically laying out in nice words
> all the needed separate steps to provide port security and you just
> basically TL;DR him saying it will fuck-never happen ?
>
> Most of the steps proposed by Baynard are actually implemented in
> OpenBSD and he says OpenSolaris too, and frankly any source building
> system should have at least half of these features. So there's plenty of
> code-base around, and as pointed out an obvious security hole in every
> box with macports.
>
> We should at least aim for ports correctness if not for avoiding crafted
> exploits. I know it's not the first security hole on a Mac but I think
> most MacPorts users are also developers who probably want to keep part
> of their work private. So every dev here should be concerned.
>
> For those resisting the security implications of not using crypto to
> fetch and compile sources, I will point out that every MacPorts users
> who installed ports from a non-trusted local network are currently
> possibly leaking source code, CC numbers, passwords, and such.
>
> Reviewing points proposed by Baynard :
>
> 1. Setting up a non-root user is a no-brainer, not a 20,000 feet level
> project.
>
> 2. Publish the hashes of all distributed files and sign the hashes.
> Check the signature on selfupdate and check hash on download. This might
> be less than 20 lines total once PGP is setup and would be a *huge*
> security gain.
>
> 3. Ok, this may be harder and need design, but good codebase exists
> (openbsd is very good at this) and just checking root privileges as
> Baynard suggested is not so hard.
>
> 4. Upstream signatures is a never-ending work, just like ports, but the
> infrastructure itself is quite trivial.
>
> 5. Is pure overdesign given the release model of MacPorts and has
> probably left an overkill taste in your mouth. I'll join Jordan on this
> one.
>
> I think 1 and 2 are outstanding issues in MacPorts and not so hard given
> the huge benefit. 3 and 4 would need more discussion but are good ideas.
>
> Anyway, just my 2¢. Let's hope that security on a Mac will only get better.
>


-- 
  Thomas de Grivel
  http://b.lowh.net/billitch

More information about the macports-dev mailing list