Date: Sat, 30 Sep 2000 17:46:03 -0600
From: Warner Losh <imp@village.org>
To: Brooks Davis <brooks@one-eyed-alien.net>
Cc: Michael Bryan <fbsd-security@ursine.com>, freebsd-security@FreeBSD.ORG
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
Message-ID: <200009302346.RAA14278@harmony.village.org>
In-Reply-To: Your message of "Sat, 30 Sep 2000 16:35:55 PDT." <20000930163555.A19473@Odin.AC.HMC.Edu>
References: <20000930163555.A19473@Odin.AC.HMC.Edu> <39D671D9.62E7148B@ursine.com> <008b01c02a71$6b8938c0$d04379a5@p4f0i0> <200009292349.TAA07263@giganda.komkon.org> <200009302123.PAA13609@harmony.village.org> <39D671D9.62E7148B@ursine.com> <200009302308.RAA14067@harmony.village.org>
In message <20000930163555.A19473@Odin.AC.HMC.Edu> Brooks Davis writes:
: On Sat, Sep 30, 2000 at 05:08:37PM -0600, Warner Losh wrote:
: > I think that there's a lot of support for this notion (I could be
: > wrong). Enough that it would be interesting trying to see how hard it
: > would be to come up with an API that is easy to implement in the ports
: > system as well as integrate into our package system. It would be a
: > fair amount of work, but I think in the long run it would be useful.
:
: I haven't seen any significant objections (though some early thought in the
: damage control department for when a well rated port causes a problem, as
: will eventually happen, would be good.) I've got one suggestion though.
: I'd suggest that the scale be something like 1-N plus UNKNOWN. The reason
: being that I can't see any agreement being forthcoming on how bad a random
: program off the internet should be labeled. Some people might want unknown
: code to default to the level corresponding to "known root exploits in
: current version" while others might consider it a bit more trustworthy
: than that. A variable in make.conf could be used to decide what level
: those should be at.

Hmm. I'm working on a strawman. I'll have to see if this can be added.

The basic strawman is that there's a default level (say 3). Ports declare
things about themselves (HAS_SETUID_ROOT=yes, CODE_TRUST=horrible,
CODE_TRUST=excellent, HAS_ROOT_HOLE=yes, etc). bsd.port.mk calculates a
value. It compares this value against two levels, one for warning and one
for error. Ports below the warning level are handled like now. Ports at or
above the warning level, but below the error level, get you a whining
message. Ports at or above the error level refuse to build/install. One
could then set the default level high when building/installing ports and
that would make it harder to get ports to build generally, or one could set
it lower if one wanted things to default to more permissive levels.
Ditto with the warning levels. I'm still working on the details, and will
be out of email touch for a while, but I think that a relatively simple
system can be devised that will allow most people to get warm fuzzies, but
allow the paranoid and permissive ends of the bell curve a chance to do
their thing. It will be a little while before I have something.

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009302346.RAA14278>
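Editor's added example (not code from the message, from bsd.port.mk, or from the FreeBSD ports tree): a POSIX sh sketch of the strawman Warner describes, so the three moving parts can be run against sample input. A port's declarations (HAS_SETUID_ROOT, CODE_TRUST, HAS_ROOT_HOLE) are folded into a score that starts at the default level, the score is compared against a warning threshold and an error threshold, and the "unknown code" level Brooks raised is its own tunable. The point values, the variable names PORT_RISK_BASE, PORT_RISK_WARN, PORT_RISK_ERROR and UNKNOWN_TRUST_PENALTY, the CODE_TRUST vocabulary beyond "horrible" and "excellent", and the sample port declarations are all assumptions invented for this illustration; the message itself only gives the default level (3), the declaration names and the two thresholds.

```shell
#!/bin/sh
# Added example of the strawman scoring scheme from the message above.
# Not from bsd.port.mk. Point values, variable names and the sample ports
# are assumptions made up for this illustration.

# Tunables a user would set in make.conf. Defaults are assumptions; the
# message only gives the default level "say 3".
: "${PORT_RISK_BASE:=3}"          # level every port starts at
: "${PORT_RISK_WARN:=5}"          # at or above this: whine, but build
: "${PORT_RISK_ERROR:=8}"         # at or above this: refuse to build/install
: "${UNKNOWN_TRUST_PENALTY:=1}"   # Brooks' question: how to treat CODE_TRUST=unknown

# compute_port_risk HAS_SETUID_ROOT CODE_TRUST HAS_ROOT_HOLE
# Prints the numeric score; returns 2 on an unrecognised CODE_TRUST value.
compute_port_risk() {
    setuid_root=$1; code_trust=$2; root_hole=$3
    score=$PORT_RISK_BASE
    [ "$setuid_root" = yes ] && score=$((score + 2))   # setuid root widens exposure
    [ "$root_hole" = yes ]   && score=$((score + 5))   # a known root hole dominates
    case $code_trust in
        excellent) score=$((score - 2)) ;;
        good)      score=$((score - 1)) ;;
        unknown)   score=$((score + $UNKNOWN_TRUST_PENALTY)) ;;
        poor)      score=$((score + 1)) ;;
        horrible)  score=$((score + 3)) ;;
        *) echo "compute_port_risk: bad CODE_TRUST '$code_trust'" >&2; return 2 ;;
    esac
    [ "$score" -lt 0 ] && score=0
    echo "$score"
}

# port_policy SCORE -> prints ok | warn | error
port_policy() {
    if   [ "$1" -ge "$PORT_RISK_ERROR" ]; then echo error
    elif [ "$1" -ge "$PORT_RISK_WARN" ];  then echo warn
    else echo ok
    fi
}

# check_port NAME HAS_SETUID_ROOT CODE_TRUST HAS_ROOT_HOLE
# Prints the verdict on stdout, diagnostics on stderr, and returns non-zero
# for "error" (the hook a build target would use to stop the install).
check_port() {
    name=$1; shift
    score=$(compute_port_risk "$@") || return 2
    verdict=$(port_policy "$score")
    case $verdict in
        warn)  echo "WARNING: $name scores $score (>= PORT_RISK_WARN=$PORT_RISK_WARN); review before installing" >&2 ;;
        error) echo "ERROR: $name scores $score (>= PORT_RISK_ERROR=$PORT_RISK_ERROR); refusing to build/install" >&2 ;;
    esac
    echo "$verdict"
    [ "$verdict" != error ]
}

# Constructed sample declarations: NAME HAS_SETUID_ROOT CODE_TRUST HAS_ROOT_HOLE
SAMPLE_PORTS='example-mailer no unknown no
example-setuid-tool yes horrible no
example-audited-daemon yes excellent no
example-old-daemon no unknown yes'

demo() {
    echo "$SAMPLE_PORTS" | while read -r name setuid trust hole; do
        verdict=$(check_port "$name" "$setuid" "$trust" "$hole" 2>/dev/null) || true
        printf '%-24s score=%s verdict=%s\n' "$name" \
            "$(compute_port_risk "$setuid" "$trust" "$hole")" "$verdict"
    done
}
demo
```

Running it with the defaults classifies the unknown-trust mailer as ok (score 4), the setuid tool of horrible trust as error (8), the audited setuid daemon as ok (3) and the port with a known root hole as error (9). Setting PORT_RISK_BASE=1 in the environment makes the "setuid plus unknown" case pass without a warning, and PORT_RISK_BASE=5 makes plain unknown code warn, which is the permissive/paranoid knob the message describes. In a real bsd.port.mk the same comparison would be a make conditional ending in a warning echo or `.error`; it is written in sh here only so it can be run as-is.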