On Thursday 15 May 2014, Claudio Freire wrote:
On Wed, May 14, 2014 at 6:56 PM, Bernhard Voelker
<mail@bernhard-voelker.de> wrote:
On 05/14/2014 11:18 PM, Roman Neuhauser wrote:
limiting the privileged commandline to an invocation of a third-party program does little to improve security.
And of course, such a whitelist must include the package name, i.e., another package could not use the same string to circumvent the restriction (unless it has registered the same string for %sudo, too).
And I'd include sha-something of the source tarball. Just an idea.
I don't think we have a security problem on OBS. It's just about reliability. If, for example, a package silently configures /sys, /etc and /usr/lib to be able to compile and run, then it might not run correctly after being installed on an arbitrary target system.

I'd say it would be enough to allow sudo for the %check section only. We only have to protect people who want to rebuild src rpms locally and do not want to crash their systems. But that's easy.

cu,
Rudi