Changeset 1564 in ProjectBuilder for devel/pb-doc/SECURITY
- Timestamp: May 22, 2012, 11:46:10 AM (13 years ago)
- File: 1 edited
devel/pb-doc/SECURITY
r1179 r1564 4 4 This is done by calls to sudo. 5 5 However, by default all actions are performed with an unpriviledge user (the one using pb or the pb user if working on VM/VE/RM) 6 Security is not considered a constaint when pb is generating the build environment itself, such as for VM and VE. So, in these cases, the sudo configuration allows the pb user to do all commands without password in the VM or to perform locally all actions for the VE management, by geing granted full local access.6 Security is not considered a constaint when pb is generating the build environment itself, such as for VM and VE. So, in these cases, the sudo configuration allows the pb user to do all commands without password in the VM or to perform locally all actions for the VE management, by being granted full local access. 7 7 However, when using pb with RM, as the systems may pre-exist and be used for other tasks, a strict analysis of the actions performed is required, in order to restrict precisely the commands called with sudo priviledges, as these are done without password request to automate generation. 8 8 9 In the Distributions.pm module there are sudo calls, corresponding to the abilty to configure automatically additional repositories. That feature may not be used on RM andsolved manually without problem. In case this is used, and sudo isn't configured accordingly, then the additional repo will NOT be added and the build will probably fail.9 In the Distributions.pm module there are sudo calls, corresponding to the abilty to configure automatically additional repositories. That feature may not be used on RM or solved manually without problem. In case this is used, and sudo isn't configured accordingly, then the additional repo will NOT be added and the build will probably fail. 10 10 11 In the default pb.conf main configuration files, parameters for osupd and osins for the various distributions call sudo to make the installation of missing packages. 
These calls are done as 'pb' user 'by default (or the account configured as rmlogin in the configuration file). In case this is used, and sudo isn't configured accordingly, then the additional required packages will NOT be added and the build will probably fail.11 In the default pb.conf main configuration files, parameters for osupd and osins for the various distributions call sudo to make the installation of missing packages. These calls are done as 'pb' user by default (or the account configured as rmlogin in the configuration file). In case this is used, and sudo isn't configured accordingly, then the additional required packages will NOT be added and the build will probably fail. 12 12 For RM, we may consider that all required packages for the build are already installed on the system, or give rpm/yum/apt/urpmi/zypper... sudo rights to the build account manually. 13 13 Recommended for a manual setup (not using rmsetup): Add manually to your system sudo access for the pb account to the local package install and update command such as /bin/rpm e.g: … … 20 20 21 21 All: 22 sudo $vntpcmd $vntp (Command e extraite d'un fichier de conf local=> Potential Security issue for RM)22 sudo $vntpcmd $vntp (Command extracted from a local conf file => Potential Security issue for RM) 23 23 sudo /bin/date 24 24 … … 46 46 sudo rm -f $vepath->{$ENV{'PBPROJ'}}/$pbos->{'name'}-$pbos->{'version'}-$pbos->{'arch'}.tar.gz 47 47 48 Here is a list of commands called locally to build in some Linux distributins special cases:48 Here is a list of commands called locally to build on some Linux distributions special cases: 49 49 For gentoo: sudo sh -c 'echo PORTDIR_OVERLAY=\"$ENV{'HOME'}/portage\" >> /etc/make.conf' 50 50 For Slackware (TBC): sudo /sbin/makepkg -p -l y -c y $pbpkg
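Review bot: in the first hunk, the reworded sentence on new line 9, "That feature may not be used on RM or solved manually without problem", is still ambiguous: it can be read as forbidding the feature on RM rather than saying it is optional there. If the intent is that it is optional, something like "On RM this feature can be left unused and the additional repositories configured manually" would say so directly. While these lines are being touched, "constaint" (new line 6) and "abilty" (new line 9) remain misspelled, as do "unpriviledge" and "priviledges" in context lines 5 and 7.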
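Review bot: in the second hunk, new line 22 now states in English that "sudo $vntpcmd $vntp" is a potential security issue for RM, but the document still gives no guidance on handling it. Line 7 says these sudo calls run without a password request, so whatever command the local conf file names is executed with sudo privileges unprompted. Suggest adding a sentence telling RM administrators to allow only the specific time-synchronisation command path in sudoers, in the way line 23 names the fixed path /bin/date, and to keep that conf file writable only by trusted accounts.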
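Review bot: in the third hunk, new line 48 ("to build on some Linux distributions special cases") still does not parse; "for special cases on some Linux distributions" would read correctly. The list it introduces also needs a caveat for RM: the gentoo entry on line 49 is run as "sudo sh -c ...", and a sudoers rule that permits sh -c for the build account amounts to unrestricted root unless it is matched on the exact argument string, which works against the goal on line 7 to "restrict precisely the commands called with sudo priviledges".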