Subject: Re: pkg_delete "Executing" output
To: Alistair Crooks <agc@pkgsrc.org>
From: Jeremy C. Reed <reed@reedmedia.net>
List: tech-pkg
Date: 02/10/2005 15:17:52

On Thu, 10 Feb 2005, Alistair Crooks wrote:

> And there are a number of people who are a bit more paranoid than that
> - not just me, but the one on this list who made the environment to
> build packages in a chroot.  I distinctly remember the days of the
> trojaned configure script, when connections were opened up to remote
> sites (which could be running as root, although we had just-in-time su
> by then in pkgsrc).  As for new packages, one of those could easily
> have something malignant inside it.  No way will I trust them.

This is unrelated. The @exec and @unexec are only added (maybe)
mechanically by print-PLIST or manually by one of the NetBSD committers.

Yes, I can imagine that software received from the outside may have
flaws -- even malicious trojans. We never have the time to possibly review
all configuration and build and install steps. We don't have the time to
patch all the configuration and build and install steps to be completely
verbose. Many installers (even used by pkgsrc builds) can be very quiet
compared to what they are really doing.

> Yes, 538 out of 5349 packages makes roughly 10%. This, to me, was
> inconsistent with the claim that "just about every package" has
> @exec and @unexec lines in their PLISTs.

Three of my systems here:

39 out of 336 packages with 313 @exec/@unexec lines.

86 out of 502 packages with 367 @exec/@unexec lines.

46 out of 313 packages with 832 @exec/@unexec lines.

> How many times (except for bulk builds, which are only run by a
> small subset of hardcore developers) do you install perl or
> p5-perl-headers?

Only a few times per year, but I do install many packages very frequently.

> > Who doesn't trust the @unexec and @exec lines? And if so, why?
> >
> > (I assume it is a small minority and they can use -v or -vv.)
>
> I, for one, don't trust them.

Would one of our pkgsrc developers put in a malicious @exec/@unexec
line?

Maybe we can have a compromise and have different @tags for some things to
be run? Because I don't want to be told things like this:

@unexec /bin/rmdir %D/share/emacs/site-lisp 2>/dev/null || true

> If you can't think of any way to exploit this, let me know, and I
> shall send you offline mail detailing one scenario I can think of
> which would cripple operations and leave no trace of who had caused
> the grief.

Yes, please do.

 Jeremy C. Reed

 	  	 	 BSD News, BSD tutorials, BSD links
	  	 	 http://www.bsdnewsletter.com/
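
The per-system counts in the message above, and the commands that are something other than the routine rmdir housekeeping line it quotes, can be collected with a script like the following. This is an added example, not part of the original message or of pkgsrc; the database layout (`<dbdir>/<pkgname>/+CONTENTS`), the function names and the sample packages are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the @exec/@unexec lines recorded for installed packages.
# Assumption: each packing list is stored as <dbdir>/<pkgname>/+CONTENTS.

# Strict match for the housekeeping line quoted in the message. The path may
# hold only plain filename characters, so shell metacharacters cannot hide in it.
ROUTINE='^@unexec /bin/rmdir %D/[A-Za-z0-9._/+-]+ 2>/dev/null [|][|] true$'

# Print "<with> out of <total> packages with <lines> @exec/@unexec lines."
plist_exec_summary() {
    total=0 with=0 lines=0
    for f in "$1"/*/+CONTENTS; do
        [ -f "$f" ] || continue
        total=$((total + 1))
        n=$(grep -c -E '^@(un)?exec ' "$f" || true)
        if [ "$n" -gt 0 ]; then with=$((with + 1)); lines=$((lines + n)); fi
    done
    echo "$with out of $total packages with $lines @exec/@unexec lines."
}

# Print "<pkgname>: <line>" for every command that is not the routine rmdir,
# including rmdir lines whose path climbs out of the prefix with "..".
plist_exec_review() {
    for f in "$1"/*/+CONTENTS; do
        [ -f "$f" ] || continue
        awk -v pkg="$(basename "$(dirname "$f")")" -v routine="$ROUTINE" '
            /^@(un)?exec / && !($0 ~ routine && $0 !~ /\.\./) { print pkg ": " $0 }
        ' "$f"
    done
}

# Constructed sample database: three packages, not taken from a real system.
make_sample_db() {
    d=$(mktemp -d)
    mkdir "$d/bar-0.1" "$d/emacs-pkg-1.0" "$d/foo-2.0"
    printf '%s\n' '@name bar-0.1' 'bin/bar' > "$d/bar-0.1/+CONTENTS"
    printf '%s\n' '@name emacs-pkg-1.0' 'share/emacs/site-lisp/pkg.el' \
        '@unexec /bin/rmdir %D/share/emacs/site-lisp 2>/dev/null || true' \
        > "$d/emacs-pkg-1.0/+CONTENTS"
    printf '%s\n' '@name foo-2.0' 'bin/foo' \
        '@exec /bin/sh %D/libexec/foo/postinstall.sh' \
        '@unexec /bin/rmdir %D/../tmp/x 2>/dev/null || true' \
        > "$d/foo-2.0/+CONTENTS"
    echo "$d"
}

db=$(make_sample_db)
plist_exec_summary "$db"    # 2 out of 3 packages with 3 @exec/@unexec lines.
plist_exec_review "$db"     # lists the two foo-2.0 lines only
rm -rf "$db"
```

On a real system, pass the package database directory (the value of PKG_DBDIR) to both functions instead of the sample.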