/[gentoo]/xml/htdocs/proj/en/glep/glep-0057.txt
Gentoo

Diff of /xml/htdocs/proj/en/glep/glep-0057.txt

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

Revision 1.2 Revision 1.5
1GLEP: 57 1GLEP: 57
2Title: Security of distribution of Gentoo software - Overview 2Title: Security of distribution of Gentoo software - Overview
3Version: $Revision: 1.2 $ 3Version: $Revision: 1.5 $
4Last-Modified: $Date: 2008/10/28 07:45:07 $ 4Last-Modified: $Date: 2010/02/07 16:24:17 $
5Author: Robin Hugh Johnson <robbat2@gentoo.org> 5Author: Robin Hugh Johnson <robbat2@gentoo.org>
6Status: Draft 6Status: Final
7Type: Informational 7Type: Informational
8Content-Type: text/x-rst 8Content-Type: text/x-rst
9Created: November 2005 9Created: November 2005
10Updated: May 2006, October 2006, Novemeber 2007, June 2008, July 2008, October 2008 10Updated: May 2006, October 2006, November 2007, June 2008, July 2008, October 2008, January 2010
11Post-History: 11Post-History: December 2009
12Approved: 18 January 2010
12 13
13Abstract 14Abstract
14======== 15========
15This is the first in a series of 4 GLEPs. It aims to define the actors 16This is the first in a series of 4 GLEPs. It aims to define the actors
16and problems in the Gentoo software distribution process, with a strong 17and problems in the Gentoo software distribution process, with a strong
52 in portage, makes it trivial to modify or replace the existing 53 in portage, makes it trivial to modify or replace the existing
53 Manifests. 54 Manifests.
54 - Vulnerability of existing infrastructure to attacks. 55 - Vulnerability of existing infrastructure to attacks.
55 The previous two items make it possible for a skilled attacker to 56 The previous two items make it possible for a skilled attacker to
56 design an attack and then execute it against specific portions of 57 design an attack and then execute it against specific portions of
57 existing infrastructure (eg: Compromise a country-local rsync mirror, 58 existing infrastructure (e.g.: Compromise a country-local rsync
58 and totally replace a package and it's Manifest). 59 mirror, and totally replace a package and it's Manifest).
59 60
60Specification 61Specification
61============= 62=============
62Security is not something that can be considered in isolation. It is 63Security is not something that can be considered in isolation. It is
63both an ongoing holistic process and lessons learnt by examining 64both an ongoing holistic process and lessons learnt by examining
92 93
93Attacks may be conducted against any of these entities. Obviously 94Attacks may be conducted against any of these entities. Obviously
94direct attacks against Upstream and Users are outside of the scope of 95direct attacks against Upstream and Users are outside of the scope of
95this series of GLEPs as they are not in any way controlled or 96this series of GLEPs as they are not in any way controlled or
96controllable by Gentoo - however attacks using Gentoo as a conduit 97controllable by Gentoo - however attacks using Gentoo as a conduit
97(including malicous mirrors) must be considered. 98(including malicious mirrors) must be considered.
98 99
99Processes 100Processes
100--------- 101---------
101There are two major processes in the distribution of Gentoo, where 102There are two major processes in the distribution of Gentoo, where
102security needs to be implemented: 103security needs to be implemented:
303from Marius Mauch (genone). 304from Marius Mauch (genone).
304 305
3052008-04-03, gentoo-dev mailing list, "Re: Monthly Gentoo Council 3062008-04-03, gentoo-dev mailing list, "Re: Monthly Gentoo Council
306Reminder for April" - Ciaran McCreesh (ciaranm). A thread in which 307Reminder for April" - Ciaran McCreesh (ciaranm). A thread in which
307Ciaran reminds everybody that simply making all the developers sign the 308Ciaran reminds everybody that simply making all the developers sign the
308tree is not sufficent to prevent all attacks. 309tree is not sufficient to prevent all attacks.
309[ http://thread.gmane.org/gmane.linux.gentoo.devel/55508/focus=55542 ] 310[ http://thread.gmane.org/gmane.linux.gentoo.devel/55508/focus=55542 ]
310 311
3112008-07-01, gentoo-portage-dev mailing list, "proto-GLEPS for 3122008-07-01, gentoo-portage-dev mailing list, "proto-GLEPS for
312Tree-signing" - Robin H. Johnson (robbat2). Thread looking for review 313Tree-signing" - Robin H. Johnson (robbat2). Thread looking for review
313input from Portage developers. 314input from Portage developers.
334 University of Arizona Technical Report TR08-02. Available online 335 University of Arizona Technical Report TR08-02. Available online
335 from: ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf 336 from: ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf
336[C08b] Cappos, J et al. (2008). "Attacks on Package Managers" 337[C08b] Cappos, J et al. (2008). "Attacks on Package Managers"
337 Available online at: 338 Available online at:
338 http://www.cs.arizona.edu/people/justin/packagemanagersecurity/ 339 http://www.cs.arizona.edu/people/justin/packagemanagersecurity/
340[#GLEPxx+2] Future GLEP on Developer Process security.
341[#GLEPxx+3] Future GLEP on GnuPG Policies and Handling.
339 342
340Copyright 343Copyright
341========= 344=========
342Copyright (c) 2006 by Robin Hugh Johnson. This material may be 345Copyright (c) 2005-2010 by Robin Hugh Johnson. This material may be
343distributed only subject to the terms and conditions set forth in the 346distributed only subject to the terms and conditions set forth in the
344Open Publication License, v1.0. 347Open Publication License, v1.0.
345 348
346vim: tw=72 ts=2 expandtab: 349vim: tw=72 ts=2 expandtab:

Legend:
Removed from v.1.2  
changed lines
  Added in v.1.5

  ViewVC Help
Powered by ViewVC 1.1.20