On Thu, Dec 30, 2010 at 11:58 PM, Christian Kastner wrote:
> to package-build-audit *only* is a pain. For example, it is easy to
> monitor *all* access to /etc/shadow or changes to /bin/login, it is
> quite hard to limit the monitoring to a *process tree* (our building
> process).
Does the build
On 12/22/2010 05:10 PM, Yaroslav Halchenko wrote:
> Maybe there is a lightweight utility which could be used for
> monitoring, e.g. it would report suspicious actions being taken from
> within a monitored environment? e.g., it would
>
> * sanitize environment variables
> * monitor open/socket/..
On Wed, 22 Dec 2010, Timo Juhani Lindfors wrote:
> > script). The only way to completely prevent that would be to develop and
> > build packages in a completely isolated (virtual machine) environment
> Interesting ideas but don't you also need to run the produced binaries
> in isolation?
exactly
Yaroslav Halchenko writes:
> script). The only way to completely prevent that would be to develop and
> build packages in a completely isolated (virtual machine) environment
Interesting ideas but don't you also need to run the produced binaries
in isolation? If we assume a malicious upstream they