Roberto Di Cosmo wrote: > On Mon, Feb 23, 2015 at 10:07:58AM +0900, Louis Gesbert wrote: > > That's starting to sound fairly consistent: > > > > # Secure OPAM itself a bit: > > > > * Sandbox the build step: not sure how to do it, but it should be > without network access, and only allowed to write to its build dir. > > This is really *not easy* in the current state of affairs > > -> opam calls whatever command is declared in the build:/install: fields > > -> this command can do whatever it wants; a sloppy Makefile might very > well end > up removing all the user-writeable files on a machine; think of > something like > > PREFIX=$(HOME)/$(MYNICELOCALVAR) # ooops ... using a var defined > only on the dev machine! > > install: > rm -rf $(PREFIX) # clean up dest dir on the dev machine; rm -rf > $(HOME) everywhere else! > .... > -> it's easy to pass through the integration test on opam-repository too: > if > somebody really wants to make bad jokes, one can simply check the > environment to be nice when going through Travis, and wreak havoc > elsewhere > > In the GNU/Linux distribution world, we face a similar challenge, with > install scripts being on top run as root; the very stringent QA process > enforced by these communities mitigates the problem quite a bit, of > course, but it is still there and s*it happens. > > That's why I was asking for the characteristics of the sandboxing > techniques we known. As with security, "sandbox" is a term easy to use, > but difficult to achieve. > > My best bet is _really_ the ptrace approach followed by Mcqueen in > http://robot101.net/files/trace.tar.gz as it allows to monitor _all_ file > access even by statically linked binaries, and is able to make a backup > copy of modified files (to restore them, if something goes wrong). > > What I do not know is whether something similar is available for *BSD, and > even less for Windows.
See http://www.sandboxie.com/ for Windows. David _______________________________________________ opam-devel mailing list [email protected] http://lists.ocaml.org/listinfo/opam-devel
