Subject: Re: pkg and root privileges
From: niko.nastonen@icloud.com
Date: Thu, 28 Jul 2022 21:05:18 +0300
To: Baptiste Daroussin
Cc: freebsd-pkg@freebsd.org
List: freebsd-pkg (Binary package management and package tools discussion)
List-Archive: https://lists.freebsd.org/archives/freebsd-pkg
In-Reply-To: <20220728154408.em52aqyovyvatcff@aniel.nours.eu>

What about HTTPS? I know the packages are signed, but there are plenty of MitM and replay attacks going on, especially with root handling it all.

Br.
Niko

> On 28. Jul 2022, at 18.44, Baptiste Daroussin wrote:
>
> On Thu, Jul 28, 2022 at 06:30:37PM +0300, niko.nastonen@icloud.com wrote:
>> The thread on the forum was closed and deleted by moderators due to unsportsmanlike conduct of some very worried about security :-)
>>
>> pkg indeed needs some review in terms of usage of superuser privileges, in my opinion. Not only fetch, but other parts too, fetch just being probably the most fragile in that sense.
>>
>> Thanks for your attention.
>
> I am open to any audit, and of course, like for any audit, there will be bugs found. As for usage of superuser privileges, we use a capsicum sandbox in the most sensitive cases, like signature verification for example. So while we are clearly not bulletproof, I don't think the situation is dramatic at all.
>
> Best regards,
> Bapt
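The exchange above turns on a distinction worth making concrete: a signature on repository metadata authenticates who produced it, but by itself says nothing about whether the copy a client receives is the current one, so an on-path party who can serve an older, still validly signed catalogue is not stopped by the signature alone. The Go program below is an added example, not pkg's own code or catalogue format; it assumes a constructed metadata layout (package name, package digest, expiry) signed with Ed25519, and shows a client that verifies the signature before parsing anything, rejects metadata whose expiry has passed (the replay case), and checks the package digest against the bytes actually fetched (the tampering case). The key pair, package bytes and clock value are constructed inline so the program runs offline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Metadata is a constructed stand-in for a signed repository catalogue entry.
// Binding the package digest to an expiry is what lets a client reject an old,
// validly signed copy. This layout is illustrative and is not pkg's format.
type Metadata struct {
	PkgName   string `json:"pkg"`
	PkgSHA256 string `json:"sha256"`
	Expires   int64  `json:"expires"` // Unix seconds
}

// SignedMetadata carries the serialised metadata together with its signature.
type SignedMetadata struct {
	Payload []byte
	Sig     []byte
}

var (
	ErrBadSignature = errors.New("signature does not verify")
	ErrExpired      = errors.New("metadata expired: possible replay of an old catalogue")
	ErrDigest       = errors.New("package digest does not match signed metadata")
)

// Sign is the repository side: it runs on the signing host, never on the client.
func Sign(priv ed25519.PrivateKey, md Metadata) (SignedMetadata, error) {
	payload, err := json.Marshal(md)
	if err != nil {
		return SignedMetadata{}, err
	}
	return SignedMetadata{Payload: payload, Sig: ed25519.Sign(priv, payload)}, nil
}

// Verify is the client side. The signature is checked first so that nothing
// from an untrusted payload is parsed before it has been authenticated; only
// then are freshness and the package digest examined.
func Verify(pub ed25519.PublicKey, sm SignedMetadata, pkg []byte, now time.Time) (Metadata, error) {
	if !ed25519.Verify(pub, sm.Payload, sm.Sig) {
		return Metadata{}, ErrBadSignature
	}
	var md Metadata
	if err := json.Unmarshal(sm.Payload, &md); err != nil {
		return Metadata{}, err
	}
	if now.Unix() > md.Expires {
		return md, ErrExpired
	}
	sum := sha256.Sum256(pkg)
	if hex.EncodeToString(sum[:]) != md.PkgSHA256 {
		return md, ErrDigest
	}
	return md, nil
}

// RunScenarios exercises the four cases a client has to tell apart. The key
// pair, package bytes and "now" are constructed here so the example is offline.
func RunScenarios() (fresh, replayed, tampered, forged error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	pkg := []byte("constructed package archive bytes")
	digest := sha256.Sum256(pkg)
	now := time.Date(2022, 7, 28, 18, 0, 0, 0, time.UTC) // constructed clock value

	md := Metadata{PkgName: "example-1.0", PkgSHA256: hex.EncodeToString(digest[:]),
		Expires: now.Add(24 * time.Hour).Unix()}
	sm, err := Sign(priv, md)
	if err != nil {
		panic(err)
	}

	// Current catalogue, untouched package: accepted.
	_, fresh = Verify(pub, sm, pkg, now)
	// Replay: the very same valid signature, presented after the expiry has passed.
	_, replayed = Verify(pub, sm, pkg, now.Add(48*time.Hour))
	// Tampering: authentic catalogue, but the fetched bytes differ.
	_, tampered = Verify(pub, sm, append([]byte("x"), pkg...), now)
	// Forgery: payload altered after signing, so the signature no longer matches.
	bad := SignedMetadata{Payload: append([]byte{}, sm.Payload...), Sig: sm.Sig}
	bad.Payload[0] ^= 0x01
	_, forged = Verify(pub, bad, pkg, now)
	return fresh, replayed, tampered, forged
}

func main() {
	fresh, replayed, tampered, forged := RunScenarios()
	fmt.Println("fresh:", fresh)
	fmt.Println("replayed:", replayed)
	fmt.Println("tampered:", tampered)
	fmt.Println("forged:", forged)
}
```

The expiry check is what separates "signed" from "current": without it, the replayed case would be accepted exactly like the fresh one. Transport protection such as HTTPS adds a second, independent layer for the fetch itself, but the client-side checks above are what remain meaningful once the bytes are on disk and about to be processed with elevated privileges.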