On Friday 14 November 2008 21:09:43 John Kasunich wrote: > Sebastian Kuzminsky wrote: > > > # let the farm user run "sudo make setuid" without a password by > > adding this line to /etc/sudoers: > > farmer ALL = ALL, NOPASSWD: /usr/bin/make setuid > > > > This part raises a red flag for me, as I mentioned on IRC last night. > > If you set this passwordless sudo, then it is theoretically possible for > somebody to check a trojan makefile into our CVS, and a few minutes > later it would run on your box as root. If your buildbot system is a > dedicated virtual machine used for nothing else, the risk is probably > tolerable. I would NOT make this change to /etc/sudoers if "farmer" is > a user on a non-virtual machine that you use for other things. > > The odds of such a thing happening are slim - Joe Hacker can't commit a > trojan, only someone with commit access to the server could do it. And, > the CVS logs would tell us exactly who it was, so we could give them the > beating they so richly deserve. But the risk needs to be acknowledged.
They guy has root access to the machine, so he can manipulate the CVS database and obfuscate the commit. Heck, he can even start a telnet/ssh session or whatever. He's root! I don't think there is a solution for this, however. If you want to run a component of the repository (be it the makefile or the setuid programs itself) as root, you need to trust your committer. You could run it in qemu or whatever, but what is it good for then, if you don't have the real hardware access to test RT... (Two seperate machines could be a solution, well...) -- Greetings Michael. ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Emc-developers mailing list Emc-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-developers
