Mailinglist Archive: opensuse-buildservice (349 mails)

Re: [opensuse-buildservice] How secure is openSUSE build service?
  • From: Aniruddha <mailing_list@xxxxxxxxx>
  • Date: Thu, 01 Nov 2007 15:59:56 +0100
  • Message-id: <1193929196.3576.239.camel@xxxxxxxxxxxx>

On Thu, 2007-11-01 at 15:41 +0100, Dirk Stoecker wrote:
On Thu, 1 Nov 2007, Aniruddha wrote:

On Thu, 2007-11-01 at 11:33 +0100, Guenter Dannoritzer wrote:
In Gentoo/FreeBSD/Debian/Ubuntu/ you don't have to worry about that since
the maintainer of that package checks this for you.

Apparently in openSuSE there is no such safety precaution.


It appears to me that you are not worried about security, but driven by
affection to a certain distributions.

Of course this isn't a valid argument. Even if I am 'driven by affection
to a certain distributions' this has no effect on the validity of my
arguments.

No. None of the distributions you mention has a way to prevent the basic
idea, that you need to trust somebody (and this multiple somebodies).

Some years ago I became maintainer of the "pavuk"-package. I
did major changes in the source code which resulted in a nearly 100% code
reworking. Now my pavuk version is in all the major packages (Debian, BSD,
SUSE, ...). If I would have included a malicious tool, the chances to
detect it are very low except you are highly experienced and I'm too dumb
to write such code (as I'm programming nearly 20 years now, already wrote
virus checkers and analyzed viruses and do networking programming for 10
years now, I doubt that).

So when using pavuk, you need first to trust me. There are probably 3 to 5
people on the world, who did have a deeper look at the source code.
Probably 2 of them still are active (one of them am I).

Next you need to trust the package maintainers. E.g. for Debian Petr Czech
is probably the only one caring for it. He has little time and for
sure does not look at the code I change. Nobody else at Debian looks at
the stuff I think. If he would add a security hack, the chances would be
very high nobody could detect them (at least for a long time). So you need
to trust him also, when you use pavuk.

And when you install it, you probably do not even know, that you need to
trust me, him and all the previous pavuk authors (and also the server
maintainers, the build server maintainers and lots of other people).

So the idea you describe will only work for commercial companies and also
only for a small number of packages and also only to some extent (full
code reviews are much too expensive).

The way openSUSE is going now (individual keys, a network of trust, ...)
is the best possible solution, as it's the only working way.

Thanks for replying, you brought some interesting points from an inside
perspective :). As stated in my previous mail I think the biggest
problem is with the home:* repos. How can we ensure security for
these?

Some suggestions I got when writing this.

3) A malware code scanner could be introduced, which from time to time
scans all the build-service stuff and searches code, which is known to
be malware (rootkits, ...)


This would be great. I already contacted several vendors to ask if they
provide malware protection (specifically rootkits).

OSS
Clamav only viruses

Commercial - gratis
f-prot ( http://www.f-prot.com/products/home_use/linux/ )
Might work against rootkits. I'll contact them.

Commercial Kaspersky
( http://www.kaspersky.com/anti-virus_linux_workstation#av )
Contacted them several weeks ago still no response
--
Regards,

Aniruddha

Please adhere to the OpenSUSE_mailing_list_netiquette
http://en.opensuse.org/OpenSUSE_mailing_list_netiquette

