[Piuparts-devel] Bug#545907: Bug#545907: piuparts uses debootstrap in an insecure way
Holger Levsen
holger at layer-acht.org
Thu Sep 10 08:39:22 UTC 2009
tags 545907 +security
thanks
Hi Christoph,
thanks for your bug report. Even though I was aware of the issue, it helps to
file bugs to make people fix things they are aware of ;-)
On Wednesday, 9 September 2009, Christoph Anton Mitterer wrote:
> debootstrap (unlike cdebootstrap IIRC) does not check signatures on
> any packages by default, but only when the "--keyring" option is used.
>
> This has the potential security problem, that users are building (and
> thus executing code) that is not verified.
Right. This is a problem for users testing their own packages. For a setup
like piuparts.debian.org this is no real problem though, as such a setup
needs to deal with potentially hostile code anyway.
> 2) If nothing of the above is specified, piuparts should fail.
I guess I will make it use secure apt by default and give an option not to
use authentication.
> I'm not sure about the following:
> - As piuparts installs stuff inside the already bootstrapped chroot,
> there may be additional possibilities for insecure packages. But I
> assume you always use apt there, right? And this should use keys...
yes
> well, at least with debootstrap they're copied into the chroot
> (IIRC)... not sure about cdebootstrap.
piuparts uses debootstrap
> - Is this already a problem with current build daemons or whatever?
> And should we inform those guys on this problem?
AFAIK buildds don't use secure apt either. But I'm not sure this is still the
case, maybe this has been fixed.
regards,
Holger
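
Added example, not part of the original message and not piuparts' own code: a sketch of the behaviour discussed in the thread, where debootstrap is always given "--keyring" unless the caller explicitly opts out, and the run fails if no usable keyring is available. The helper name, its parameters, the exception class and the default keyring path (the one installed by the debian-archive-keyring package) are assumptions.

```python
import os

# Assumption: default keyring path as installed by debian-archive-keyring.
DEFAULT_KEYRING = "/usr/share/keyrings/debian-archive-keyring.gpg"


class InsecureBootstrapError(Exception):
    """An unverified bootstrap would happen without an explicit opt-out."""


def build_debootstrap_cmd(suite, target, mirror,
                          keyring=DEFAULT_KEYRING,
                          allow_unauthenticated=False):
    """Return the debootstrap argv list (hypothetical helper).

    Secure by default: the keyring must exist and be non-empty, otherwise
    the call fails instead of silently bootstrapping unverified packages.
    """
    cmd = ["debootstrap"]
    if allow_unauthenticated:
        # Explicit opt-out: no --keyring is passed, which per the bug
        # report means signatures are not checked.
        return cmd + [suite, target, mirror]
    if not keyring:
        raise InsecureBootstrapError(
            "no keyring given and unauthenticated mode not requested")
    if not os.path.isfile(keyring) or os.path.getsize(keyring) == 0:
        raise InsecureBootstrapError(
            "keyring %r is missing or empty" % keyring)
    # Absolute path, so the option does not depend on the working directory.
    cmd.append("--keyring=" + os.path.abspath(keyring))
    return cmd + [suite, target, mirror]


if __name__ == "__main__":
    # Sample values (constructed): suite, chroot path and mirror URL.
    try:
        print(build_debootstrap_cmd("sid", "/tmp/piuparts-chroot",
                                    "http://deb.debian.org/debian"))
    except InsecureBootstrapError as err:
        print("refusing to bootstrap:", err)
```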