
Limiting the power of package installation in Debian


Posted Nov 9, 2018 6:23 UTC (Fri) by flussence (guest, #85566)
In reply to: Limiting the power of package installation in Debian by Baughn
Parent article: Limiting the power of package installation in Debian

Ditto for Gentoo. It doesn't use a full jail, but builds are sandboxed from reading files outside of permitted paths; any naïve attempt to do so spews a very large error log and the build gets aborted. Usually that ends up tripping over buggy build systems that try to use ccache without permission.

The installation *can* run things as root after merging files, but any shady business will stick out like a sore thumb during code review, simply because needing to do so at all is so rare. It helps that things like messing with existing config and running services during package installation are culturally verboten.


Limiting the power of package installation in Debian

Posted Nov 17, 2018 16:52 UTC (Sat) by hvd (guest, #128680)

I have to disagree with the "ditto". "Any naïve attempt" is exactly right: Gentoo's sandbox is not a security feature, nor is it supposed to be. It is designed to catch mistakes, that's all. It can be trivially bypassed by malicious scripts, or sometimes -- rarely -- even by accident. That's different from Nix's jails: those are supposed to be (or become -- I do not know the current status) safe enough to run untrusted code in.


Copyright © 2026, Eklektix, Inc.