To: Eivind Eklund
cc: Alex, hackers@FreeBSD.ORG
Subject: Re: Speaking of packaging tools..
In-reply-to: Your message of "Sun, 26 Apr 1998 05:10:43 +0200." <19980426051043.29132@follo.net>
Date: Sat, 25 Apr 1998 20:27:50 -0700
Message-ID: <15211.893561270@time.cdrom.com>
From: "Jordan K. Hubbard"

> Neat - but do we really want to go in the direction of packages that
> can contain trojans? Personally I wouldn't like running a

Erm.. We've not only already gone in that direction, we reached the
destination long ago and have spent enough time at the location to
build a small town there.

The existing pkg_add format is a walking, talking demonstration model
for creating packaged trojans and I'm not talking about condoms (rim
shot) - the +INSTALL component of a pkg can be literally anything from
a benign shell-script to a system-eating binary horror. There are no
checks on what it does save for the permissions available to the uid
pkg_add is running as, that generally being root of course.
Packages aren't even SIGNED, as you well know, and it'd be essentially
correct to say that the *BSD package system is completely, totally and
utterly without any form of security whatsoever and is probably saved
only by the fact that hacking it would prove no challenge whatsoever
and hence isn't enough fun. :-)

What I'm more curious to know about these self-extractors is where
exactly they extract and how one controls that behavior. The biggest
problem with executable packages is also, of course, the fact that
people will typically use ftp to xfer them and they won't then run
without the user knowing how to use chmod to set the execute bit. This
isn't a problem that pkg_add has to worry about with data files.

Jordan
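A pre-install audit of the kind the message says pkg_add does not perform, as an added example that is not part of the original post or of the FreeBSD tools: it compares the package's digest with one obtained out of band and pulls out the scripts that would run with the installer's privileges, without extracting or executing anything. The function names, the sample package and the use of a published SHA-256 digest are assumptions; +DEINSTALL and +REQUIRE are the other script members of the historical package format, alongside the +INSTALL named above.

```python
import hashlib
import io
import tarfile

# Members of the old pkg_add format that are executed at install or
# deinstall time. +INSTALL is named in the message; the other two come
# from the historical pkg_create(1) format.
SCRIPT_MEMBERS = {"+INSTALL", "+DEINSTALL", "+REQUIRE"}


def audit_package(blob, expected_sha256):
    """Return (digest_ok, scripts) without extracting or running anything.

    scripts maps each script member to its text so it can be read before
    pkg_add would execute it as the installing uid (usually root).
    """
    digest_ok = hashlib.sha256(blob).hexdigest() == expected_sha256
    scripts = {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tar:
        for member in tar:
            name = member.name[2:] if member.name.startswith("./") else member.name
            if name in SCRIPT_MEMBERS and member.isfile():
                data = tar.extractfile(member).read()
                scripts[name] = data.decode("utf-8", "replace")
    return digest_ok, scripts


def build_sample_package():
    """Constructed sample: a tiny gzip tarball with a benign +INSTALL."""
    files = {
        "+CONTENTS": b"@name demo-1.0\nbin/demo\n",
        "+INSTALL": b"#!/bin/sh\necho installing demo\n",
        "bin/demo": b"#!/bin/sh\necho demo\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    pkg = build_sample_package()
    published = hashlib.sha256(pkg).hexdigest()  # stand-in for an out-of-band digest
    ok, scripts = audit_package(pkg, published)
    print("digest matches:", ok)
    for name, text in scripts.items():
        print(f"--- {name} (would run as the installing uid) ---\n{text}")
```

A matching digest only shows the file is the one that was published; it says nothing about who published it, which is the gap that signing would close.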