Carsten Lohrke <carlo gentoo.org> posted
200702231422.05809.carlo gentoo.org, excerpted below, on
Fri, 23 Feb 2007 14:22:05 +0100:

> I consider the preserve-libs functionality one of the biggest
> security threats for Gentoo users. You may dismiss this, saying the
> problem sits in front of the keyboard, but I'm telling you this is
> careless and that we can do better:
>
> echo "/path/to/preserved.so" >> /var/lib/portage/preserved_libs
>
> stores the libraries, and Portage can each time emerge is run look up,
> if the file lists libraries, check, if those exist, if not remove the
> lines or otherwise warn the user about the possibly vulnerable libraries
> and tell him what to do.

+1 here! During my own sysadmin-ings, I've wondered why there wasn't
such a list on several occasions. It would make things /so/ much
simpler, at least from the sysadmin perspective. (Of course, I realize
that's /not/ the same thing as simpler from a portage perspective, but
anyway, that's what's being discussed here. =8^)

If this is added, I think it's big enough to have it mentioned in the
handbook as well. Having that handy list all nicely centralized to one
location would be a /big/ boon to security conscious Gentoo sysadmins
everywhere, so it's easily worth mentioning in the handbook as one of the
valuable tools portage provides.

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."
Richard Stallman
--
gentoo-portage-dev gentoo.org mailing list
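
The check described in the quoted message, as an added example (not part of the original thread and not Portage's own code): it reads the list, drops entries whose file no longer exists, and returns the rest so the user can be warned. The function names and the warning wording are assumptions; only the list path comes from the message.

```python
import os
import shutil
import tempfile

# Location proposed in the quoted message.
PRESERVED_LIST = "/var/lib/portage/preserved_libs"


def check_preserved_libs(list_path=PRESERVED_LIST):
    """Drop entries whose file is gone; return the entries still on disk."""
    try:
        with open(list_path, encoding="utf-8") as fh:
            entries = [line.strip() for line in fh if line.strip()]
    except FileNotFoundError:
        return []  # no list yet: nothing was ever preserved

    # dict.fromkeys de-duplicates while keeping the recorded order.
    present = [p for p in dict.fromkeys(entries) if os.path.exists(p)]

    if present != entries:
        # Rewrite through a temp file + rename so an interrupted run
        # never leaves a truncated list behind.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(list_path)))
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.writelines(p + "\n" for p in present)
        shutil.copymode(list_path, tmp)  # mkstemp creates the file 0600
        os.replace(tmp, list_path)
    return present


def warning_text(present):
    """Build the message shown to the user (wording is an assumption)."""
    if not present:
        return ""
    lines = ["!!! Preserved libraries are still installed and may be vulnerable:"]
    lines += ["    " + p for p in present]
    lines.append("!!! Rebuild the packages that still link against them, "
                 "then remove these files.")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample: one preserved file that exists, one already removed.
    with tempfile.TemporaryDirectory() as d:
        kept = os.path.join(d, "libfoo.so.1")
        open(kept, "w").close()
        lst = os.path.join(d, "preserved_libs")
        with open(lst, "w") as fh:
            fh.write(kept + "\n" + os.path.join(d, "libgone.so.2") + "\n")
        print(warning_text(check_preserved_libs(lst)))
```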