diff options
| author |   Ulrich Müller <ulm@gentoo.org> | 2017-11-21 21:43:31 +0100 |
|---|---|---|
| committer | Ulrich Müller <ulm@gentoo.org> | 2017-11-21 21:43:31 +0100 |
| commit | 1f24eec762d171cb6ff80e6995667ac1a39e713b (patch) | |
| tree | 3e1961863da360fc9850b8dc5974c16d9451f163 | |
| parent | glep-0059: Merge the two References sections into one. (diff) | |
| download | glep-1f24eec762d171cb6ff80e6995667ac1a39e713b.tar.gz glep-1f24eec762d171cb6ff80e6995667ac1a39e713b.tar.bz2 glep-1f24eec762d171cb6ff80e6995667ac1a39e713b.zip | |
glep-0057: Fix markup of bullet lists.
| -rw-r--r-- | glep-0057.rst | 59 |
1 files changed, 30 insertions, 29 deletions
diff --git a/glep-0057.rst b/glep-0057.rst index 812728e..17eda31 100644 --- a/glep-0057.rst +++ b/glep-0057.rst @@ -44,19 +44,19 @@ number of security shortcomings. The last discussion on the gentoo-dev mailing list [http://thread.gmane.org/gmane.linux.gentoo.devel/38363] contains a good overview of most of the issues. Summarized here: - - Unverifiable executable code distributed: - The most obvious instance are eclasses, but there are many other bits - of the tree that are not signed at all right now. Modifying that data - is trivial. - - Shortcomings of existing Manifest verification - A lack and enforcement of policies, combined with suboptimal support - in portage, makes it trivial to modify or replace the existing - Manifests. - - Vulnerability of existing infrastructure to attacks. - The previous two items make it possible for a skilled attacker to - design an attack and then execute it against specific portions of - existing infrastructure (e.g.: Compromise a country-local rsync - mirror, and totally replace a package and its Manifest). +- Unverifiable executable code distributed: + The most obvious instance are eclasses, but there are many other bits + of the tree that are not signed at all right now. Modifying that data + is trivial. +- Shortcomings of existing Manifest verification. + A lack and enforcement of policies, combined with suboptimal support + in portage, makes it trivial to modify or replace the existing + Manifests. +- Vulnerability of existing infrastructure to attacks. + The previous two items make it possible for a skilled attacker to + design an attack and then execute it against specific portions of + existing infrastructure (e.g.: Compromise a country-local rsync + mirror, and totally replace a package and its Manifest). Specification ============= @@ -67,18 +67,19 @@ previous shortcomings. System Elements --------------- There are a few entities to be considered: - - Upstream. The people who provide the program(s) or data we wish to - distribute. - - Gentoo Developers. The people that package and test the things - provided by Upstream. - - Gentoo Infrastructure. The people and hardware that allow the revision - control of metadata and distribution of the data and metadata provided - by Developers and Upstream. - - Gentoo Mirrors. Hardware provided by external contributors that is not - or only marginally controlled by Gentoo Infrastructure. Needed to - achieve the scalability and performance needed for the substantial - Gentoo user base. - - Gentoo Users. The people that use the Gentoo MetaDistribution. + +- Upstream. The people who provide the program(s) or data we wish to + distribute. +- Gentoo Developers. The people that package and test the things + provided by Upstream. +- Gentoo Infrastructure. The people and hardware that allow the revision + control of metadata and distribution of the data and metadata provided + by Developers and Upstream. +- Gentoo Mirrors. Hardware provided by external contributors that is not + or only marginally controlled by Gentoo Infrastructure. Needed to + achieve the scalability and performance needed for the substantial + Gentoo user base. +- Gentoo Users. The people that use the Gentoo MetaDistribution. The data described here is usually programs and data files provided by upstream; as this is a rather large amount of data it is usually @@ -102,10 +103,10 @@ Processes There are two major processes in the distribution of Gentoo, where security needs to be implemented: - - Developer commits to version control systems controlled by - Infrastructure. - - Tree and distfile distribution from Infrastructure to Users, via the - mirrors (this includes both HTTP and rsync distribution). +- Developer commits to version control systems controlled by + Infrastructure. +- Tree and distfile distribution from Infrastructure to Users, via the + mirrors (this includes both HTTP and rsync distribution). Both processes need their security improved. In [GLEPxx2] we will discuss how to improve the security of the first process. The relatively |