Web lists-archives.com

Re: Limiting the power of packages




Laurent Bigonville <bigon@xxxxxxxxxx> writes:

> Lars Wirzenius wrote:
>
>> * default: install files in /usr only
>> * kernel: install files in /boot, trigger initramfs
>> * core: can install files anywhere, trigger anything
>> * maintained-by-liw: full power to do anything
>>
>> This might be implemented in various ways. For example, dpkg could
>> create a temporary directory, and bind mount the directories the
>> profile indicates are needed, into a temporary shadow of the full
>> system. Maintainer scripts would be run in the shadow environment.
>> Thus, if they try to do something that isn't allowed by the packages
>> profile, they can't.
> This can be done with SELinux as well, the maintainer scripts can be 
> labeled and dpkg will run them in the desired context.

I like the general project, but feel obliged to point out that having
maintainer scripts fail is not nice for users, so we'd need to think
about how to handle security/liw-classification failures.

d