Re: Improving security for pkgsrc

[Marc Espie <espie%nerim.net@localhost>]

On Tue, Jul 21, 2015 at 04:36:45PM +0200, Kamil Rytarowski wrote:
> Of course it depends of use-case, if you just want to serve a single
> executable and mitigate corruption of the entire system... it might be
> a benefit. On the other hand in that use-case I would go for a
> container or an unikernel solution (already an option with rump
> kernels) and keep the things as quick as they can be.
> 
Yet another security fallacy, mainly coming from sysadmins. Sure, I'll run
it in a separate environment, and if things break, it's of no importance.

Well, if it's software that you actually want to use, it takes only a slightly
more sophisticated attacker to turn a plain old corruption into something
more subtle that will corrupt your data and give out wrong results...

Considering that a lot of those containers actually interact with external
stuff (via the network or thru database corruptions), I don't feel much safer
with containers.

At the most, I want to monitor these and know as soon as I can that something
funny is going on.

Again, it comes down to bug-smashing.  Letting any kind of bug produce results
that you want to use is a bad idea.