On 08/30/2013 10:01 PM, Jay Greguske wrote:
> I'd like to see some elaboration on why VMs instead of chroots would be
> required. I can draw my own conclusions (security) but I'd like to see
> them listed out first before continuing the discussion.

The Koji builder has a certificate stored somewhere. This certificate authorizes it 
to the Koji hub.
Whoever has this certificate can act as a Koji builder.
The Koji builder builds using mock, which means in a chroot. There are some known exploits which allow you to run out of chroots.

Now imagine an evil package which will run out of the chroot, read that certificate and 
deliver it to an attacker.
He can now build an evil builder and start building modified packages.

While there are known exploits that affect the host machine of a VM, it is definitely 
harder than running out of a chroot.

--
Miroslav Suchy, RHCE, RHCDS
Red Hat, Software Engineer, #brno, #devexp, #fedora-buildsys
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct