On Wednesday 20 June 2007, Ned Ludd wrote:
> On Wed, 2007-06-20 at 15:57 -0400, Mike Frysinger wrote:
> > On Wednesday 20 June 2007, Marius Mauch wrote:
> > > Mike Frysinger <[EMAIL PROTECTED]> wrote:
> > > > mayhaps we need a new function to be run in src_install() to label
> > > > files as "sensitive" ... so baselayout would do:
> > > > esosensitive /etc/{fstab,group,passwd,shadow}
> > > > and then we expand the format of CONTENTS in the vdb:
> > > > priv /etc/fstab <hash> <mtime>
> > >
> > > And what would be phase 2 of that? Just having a new filetype
> > > in CONTENTS doesn't accomplish anything by itself ...
> >
> > updating any tool that creates binary packages from the live $ROOT of
> > course silly billy
> >
> > current behavior:
> > # quickpkg baselayout
> >  * Building package for sys-apps/baselayout-1.12.10-r4
> >  * Packages now in '/usr/portage/pacakges':
> >  * sys-apps/baselayout-1.12.10-r4: 307K
> >
> > proposed new behavior (exact output here is not part of the discussion so
> > don't nitpick it):
> > # quickpkg baselayout
> >  * Building package for sys-apps/baselayout-1.12.10-r4
> >  *  Skipping sensitive file: /etc/passwd
> >  *  Skipping sensitive file: /etc/shadow
> >  *  Skipping sensitive file: /etc/group
> >  * Packages now in '/usr/portage/pacakges':
> >  * sys-apps/baselayout-1.12.10-r4: 307K
> > # quickpkg --iamsensitive baselayout
> >  * Building package for sys-apps/baselayout-1.12.10-r4
> >  *  Including sensitive file: /etc/passwd
> >  *  Including sensitive file: /etc/shadow
> >  *  Including sensitive file: /etc/group
> >  * Packages now in '/usr/portage/pacakges':
> >  * sys-apps/baselayout-1.12.10-r4: 307K
>
> Suggestion:
> If you go down this "sensitive" route, please ensure that the
> generated .tbz2 is mode 600 to prevent exposing this sensitive
> data more than need be.

that's a different bug which is already being addressed (and which led me 
down this line of thinking in the first place) ...
-mike
