tags 545907 +security
thanks

Hi Christoph,

thanks for your bug report, even though I was aware of the issue, it helps to file bugs to make people fix things they are aware of ;-)

On Wednesday, 9 September 2009, Christoph Anton Mitterer wrote:
> debootstrap (unlike cdebootstrap IIRC) does not check signatures on
> any packages per default, but only when the "--keyring" option is used.
>
> This has the potential security problem, that users are building (and
> thus executing code) that is not verified.

right. This is a problem for users testing their own packages. For a setup like piuparts.debian.org this is no real problem though, as such a setup needs to deal with potential hostile code anyway.

> 2) If nothing of the above is specified, piuparts should fail.

I guess I will make it use secure apt per default and give an option not to use authentication.

> I'm not sure about the following:
> - As piuparts installs stuff inside the already bootstrapped chroot,
> there may be additional possibilities for insecure packages. But I
> assume you use always apt there, right? And this should use keys,..

yes

> well at least with debootstrap they're copied into the chroot
> (IIRC),... not sure about cdebootstrap.

piuparts uses debootstrap

> - Is this already a problem with current build daemons or whatever?
> And should we inform those guys on this problem?

AFAIK buildds don't use secure apt either. But I'm not sure this is still the case, maybe this has been fixed.

regards,
Holger
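The behaviour discussed in this mail (verify by default, fail when no keyring is available, skip authentication only on explicit request), sketched as an added example that is not piuparts code and not part of the original message. The function name, the ALLOW_UNAUTHENTICATED variable, the default keyring path and the mirror in the usage comment are assumptions; --no-check-gpg is debootstrap's own option for disabling verification.

```shell
#!/bin/sh
# Added example: build a debootstrap command line that verifies the
# archive unless the caller explicitly opts out.

# Assumption: keyring shipped by the debian-archive-keyring package.
DEFAULT_KEYRING=/usr/share/keyrings/debian-archive-keyring.gpg

# bootstrap_cmd SUITE TARGET MIRROR [KEYRING]
# Prints the debootstrap command line on stdout.
# Returns non-zero when no usable keyring exists and the caller has not
# set ALLOW_UNAUTHENTICATED=1 (hypothetical opt-out switch).
bootstrap_cmd() {
    suite=$1 target=$2 mirror=$3 keyring=${4:-$DEFAULT_KEYRING}

    if [ "${ALLOW_UNAUTHENTICATED:-0}" = 1 ]; then
        # Explicit opt-out: make the weakened state visible in the log.
        echo "warning: archive signatures will NOT be verified" >&2
        printf 'debootstrap --no-check-gpg %s %s %s\n' \
            "$suite" "$target" "$mirror"
        return 0
    fi

    # Fail closed: a missing or empty keyring must not silently fall
    # back to an unauthenticated bootstrap.
    if [ ! -r "$keyring" ] || [ ! -s "$keyring" ]; then
        echo "error: keyring '$keyring' missing or empty, refusing to bootstrap" >&2
        return 1
    fi

    printf 'debootstrap --keyring=%s %s %s %s\n' \
        "$keyring" "$suite" "$target" "$mirror"
}

# Usage (constructed values):
#   cmd=$(bootstrap_cmd sid /srv/chroot http://deb.debian.org/debian) && $cmd
```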