From: Doug Barton <dougb@FreeBSD.org>
Organization: http://SupersetSolutions.com/
Date: Sun, 26 Aug 2012 12:08:48 -0700
To: Baptiste Daroussin
Cc: CyberLeo Kitsana, ports@FreeBSD.org, current@FreeBSD.org, Jilles Tjoelker, Steve Wills
Subject: Re: pkgng suggestion: renaming /usr/sbin/pkg to /usr/sbin/pkg-bootstrap
Message-ID: <503A7440.5050703@FreeBSD.org>
In-Reply-To: <20120826185810.GB42842@ithaqua.etoilebsd.net>
References: <97612B57-1255-4BB3-A6D3-FC74324C6D67@FreeBSD.org> <20120824081543.GB2998@ithaqua.etoilebsd.net> <50380269.6020003@FreeBSD.org> <20120825000148.GF37867@ithaqua.etoilebsd.net> <50396113.3080607@cyberleo.net> <20120826122649.GA8995@stack.nl> <20120826125846.GD37534@ithaqua.etoilebsd.net> <503A6D4B.9070606@FreeBSD.org> <20120826185810.GB42842@ithaqua.etoilebsd.net>

On 08/26/2012 11:58, Baptiste Daroussin wrote:
> On Sun, Aug 26, 2012 at 11:39:07AM -0700, Doug Barton wrote:
>> On 08/26/2012 05:58, Baptiste Daroussin wrote:
>>
>>> This is the longer plan, but this is also true with pkg_add -r, and the pkg
>>> bootstrap, be it pkg-bootstrap or /usr/sbin/pkg. We have been discussing with
>>> the Security Officers and we are waiting for the plan to be written and set up by
>>> them, so we can improve security in both pkgng and the bootstrap. This should
>>> have happened at BSDCan, but lack of time from everyone didn't make it happen; we
>>> are now aiming at the Cambridge DevSummit for that.
>>
>> It would be nice if this were in place before 10-current shifted to pkg
>> by default, in order to limit the number of times that we have to start
>> testing over from scratch.
>>
>>> Given that such a security issue is already present with the current pkg_* tools, it
>>> was accepted that we can still go that way until the policy is written, given
>>> that the final goal is to have the pkgng package checked against a signature.
>>
>> This isn't the security issue I was talking about by having sbin/pkg
>> pass every command line to local/sbin/pkg.
>>
>> You keep saying that you have no objections to changing the name. I am
>> asking you to do that. I don't care if it is pkg-bootstrap or something
>> else you like better. But please change the name to not be pkg, and
>> limit the functionality of the tool to bootstrapping the pkg package.
>>
>
> I received more feedback about keeping pkg

As far as I could tell, the people who responded that way don't seem to be
aware that every command to /usr/local/sbin/pkg is going to pass through
/usr/sbin/pkg. On its face, that is a bad idea for many reasons, not the
least of which is that it adds complexity where that complexity does not
need to be.

The larger problem with that approach is that it gives an attacker 2 places
to compromise the package installation process instead of just 1. This
becomes even more important if the pkg bootstrap tool is the place that the
public key for the digital signature is located.

> and changing it to
> pkg-bootstrap, so what should I do, changing it because you are asking for it?

A) You said you had no objections to changing it
B) I'm not the only one asking

Doug

-- 
    I am only one, but I am one.  I cannot do everything, but I can do
    something.  And I will not let what I cannot do interfere with what I can do.
            -- Edward Everett Hale, (1822 - 1909)