On Sunday 04 November 2007 02:32:03 pm Dirk Stoecker wrote:
On Sun, 4 Nov 2007, Rajko M. wrote:
Scanning binaries for known problems using some antivirus/rootkit software, before actually publishing, even in home:* repositories.
I personally do not like this idea much, because it can cause the risk that people believe that software is "good" if the scanner does not find anything inside.
However, any scanner what helps manually reviewing is of course very helpfull.
The scanner solution will remove some number of possible attacks. Though, they will not help for mentioned in this mail: http://lists.opensuse.org/opensuse/2007-11/msg00422.html This is out of scope of scanners, but number of people able to create it is smaller than for known attacks.
Such a scanning system from my point of view is no public interface. This should run in background by server administrators (either scanning binaries or sources).
The build service users should only get to know it, when he tries nasty things and an administrator is contacting him to tell him, that he has been discovered (or else circumvention is no problem).
So it gets an aditional security improvement without negative side effects. Like in "We trust you, but a bit control can't be wrong :-)".
Good point of view. Now is the question how to discuss security issues? Discussing security elements in public, helps normal users to feel better, but gives information malicious users where to look for cracks in the wall.
How to tell normal users with good questions about security: "We have some measures in place and Build Service is not a jungle where any predator can jump in and wreck havoc, but also it is not save haven, where you can forget to keep an eye on security."