Gentoo Weekly Newsletter: April 7th, 2003

Kurt Lieber  Editor
AJ Armstrong  Contributor
Brice Burgess  Contributor
Yuji Carlos Kosugi  Contributor
Rafael Cordones Marcos  Contributor
David Narayan  Contributor
Ulrich Plate  Contributor
Peter Sharp  Contributor
Kim Tingkaer  Contributor
Mathy Vanvoorden  Dutch Translation
Tom Van Laerhoven  Dutch Translation
Peter Dijkstra  Dutch Translation
Bernard Bernieke  Dutch Translation
Vincent Verleye  Dutch Translation
Jochen Maes  Dutch Translation
Ben De Groot  Dutch Translation
Jelmer Jaarsma  Dutch Translation
Nicolas Ledez  French Translation
Guillaume Plessis  French Translation
John Berry  French Translation
Martin Prieto  French Translation
Michael Kohl  German Translation
Steffen Lassahn  German Translation
Matthias F. Brandstetter  German Translation
Thomas Raschbacher  German Translation
Klaus-J. Wolf  German Translation
Marco Mascherpa  Italian Translation
Claudio Merloni  Italian Translation
Daniel Ketel  Japanese Translation
Yoshiaki Hagihara  Japanese Translation
Andy Hunne  Japanese Translation
Yuji Carlos Kosugi  Japanese Translation
Yasunori Fukudome  Japanese Translation
Ventura Barbeiro  Portuguese (Brazil) Translation
Bruno Ferreira  Portuguese (Portugal) Translation
Gustavo Felisberto  Portuguese (Portugal) Translation
Ricardo Jorge Louro  Portuguese (Portugal) Translation
Lanark  Spanish Translation
Rafael Cordones Marcos  Spanish Translation
Julio Castillo  Spanish Translation
Sergio Gómez  Spanish Translation
Pablo Pita Leira  Spanish Translation
Carlos Castillo  Spanish Translation
Tirant  Spanish Translation
Jaime Freire  Spanish Translation
Lucas Sallovitz  Spanish Translation

Updated 7 April 2003

1.  Gentoo News

Summary

Yes, it was a joke

Last week's issue, conveniently delayed a day so it could be released on April 1, contained a story about the adoption of the RPM format for package management. The April Fools' joke was far more successful than we had hoped for (some might argue too successful). Needless to say, it was a joke: the Gentoo development team has no plans to move away from the ebuild format as its standard means of package management.

Now please stop sending us hate mail.

Portage moves to a new, more secure format

As part of an overall effort to improve the security of Gentoo Linux, the Portage development team has started to implement new features in Portage that allow for increased security in our package management and distribution systems. One of the first features users will notice is cryptographic digests (checksums) of every file involved in the merge process, including ebuilds, patches and source tarballs; Portage checks each file against its recorded digest before merging and aborts on a mismatch. In addition to offering increased security, these digests will help isolate and track down corrupt ebuilds or other files on our rsync and source mirrors. On their own, digests only catch corruption or tampering that happens after the digest was generated: anyone who can alter an ebuild on a mirror can alter its digest as well, which is why signing is the next step.

The next step in the process will be signing these digest files with a GPG key to ensure their authenticity and non-repudiation: a user can then verify which developer produced a digest and that it has not been altered in transit. While there is still some discussion amongst the development team on the best way to achieve this, the current leading solution involves each developer signing ebuilds individually, with one master Gentoo "uberkey" signing all of the developer keys to establish a Gentoo "web of trust". Developer keys will be made available through public keyservers, as well as on www.gentoo.org.

The goal of what has come to be known as "Secure Portage" is to provide a robust package management system that offers end-to-end security in the emerge process. As yet, there is no confirmed timeline on when the entire system will become available, but the digesting portion is in testing now and the rest will soon follow.
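To make the digest idea concrete, here is an added example, written for this page rather than taken from Portage, of a shell script that writes and checks a digest list in the spirit of the digest-* files described above: one line per file giving the hash algorithm, the hash, the file name and the size. Portage of this period recorded MD5 digests; sha256sum is this example's own choice. The package files, their contents and the tampering in the demo are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not Portage code: write and check a per-file digest list in
# the spirit of the digest-* files described above. One line per file:
#   SHA256 <hex digest> <file name> <size in bytes>
# Portage of this period recorded MD5 digests; sha256sum is this example's
# choice. File names are assumed to contain no spaces, as in a Portage tree.

# make_digest DIR OUT: write one digest line per regular file in DIR to OUT.
make_digest() {
    dir=$1
    out=$2
    : > "$out"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        hash=$(sha256sum "$f" | cut -d' ' -f1)
        size=$(wc -c < "$f" | tr -d ' ')
        printf 'SHA256 %s %s %s\n' "$hash" "$(basename "$f")" "$size" >> "$out"
    done
}

# verify_digest DIR DIGEST: recompute every entry and print one status line
# per file (OK, BAD, MISSING, or UNLISTED for a file DIGEST never mentions).
# Returns non-zero if anything is wrong, which is when a merge should stop.
verify_digest() {
    dir=$1
    dig=$2
    rc=0
    while read -r algo hash name size; do
        if [ "$algo" != SHA256 ]; then
            echo "UNKNOWN $algo $name"; rc=1; continue
        fi
        f=$dir/$name
        if [ ! -f "$f" ]; then
            echo "MISSING $name"; rc=1; continue
        fi
        # Compare the size first: cheap, and it already catches truncated
        # or padded downloads without hashing the whole file.
        have_size=$(wc -c < "$f" | tr -d ' ')
        if [ "$have_size" != "$size" ]; then
            echo "BAD $name (size $have_size, expected $size)"; rc=1; continue
        fi
        have_hash=$(sha256sum "$f" | cut -d' ' -f1)
        if [ "$have_hash" = "$hash" ]; then
            echo "OK $name"
        else
            echo "BAD $name (digest mismatch)"; rc=1
        fi
    done < "$dig"
    # Files that exist but were never digested are suspicious too.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        n=$(basename "$f")
        grep -qF -e " $n " "$dig" || { echo "UNLISTED $n"; rc=1; }
    done
    return $rc
}

# demo: a constructed package directory, checked clean, then damaged in the
# three ways a digest file is meant to catch: an altered source tarball, a
# missing patch, and a file that was never listed.
demo() {
    t=$(mktemp -d)
    mkdir "$t/pkg"
    printf 'DESCRIPTION="sample"\n' > "$t/pkg/sample-1.0.ebuild"
    printf 'constructed patch body\n' > "$t/pkg/sample-fix.patch"
    printf 'constructed tarball bytes\n' > "$t/pkg/sample-1.0.tar.gz"
    make_digest "$t/pkg" "$t/digest-sample-1.0"

    if verify_digest "$t/pkg" "$t/digest-sample-1.0" > /dev/null; then
        echo "first=clean"
    else
        echo "first=dirty"
    fi

    printf 'x' >> "$t/pkg/sample-1.0.tar.gz"   # same name, altered content
    rm "$t/pkg/sample-fix.patch"               # listed, but gone
    touch "$t/pkg/extra.txt"                   # present, never digested
    if verify_digest "$t/pkg" "$t/digest-sample-1.0"; then
        echo "second=clean"
    else
        echo "second=dirty"
    fi
    rm -rf "$t"
}

demo
```

The digest file is exactly what the signing step described above would cover: a mirror operator who can rewrite a tarball can rewrite the digest line next to it just as easily, so the GPG signature over the digest file is the part that makes the scheme trustworthy end to end.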

2.  Gentoo Security

Summary

GLSA: sendmail

The sendmail MTA has a stack overflow vulnerability in the code that checks email addresses. It can be exploited remotely and could be used to crash sendmail (a denial of service) or to execute arbitrary code with the privileges of the sendmail server (typically root).

GLSA: krb5 and mit-krb5

Multiple vulnerabilities have been identified in the krb5 and mit-krb5 implementations of the Kerberos authentication protocol. These include a buffer overrun that permits a denial-of-service attack on the Kerberos administration daemon, a chosen-plaintext attack against Kerberos 4 that permits impersonation of other principals, and buffer overrun and underrun problems in the handling of unusual principal and host names (which could be used as a stepping stone for other attacks).

GLSA: openafs

A cryptographic weakness in the Kerberos 4 protocol permits a chosen-plaintext attack that can be used to impersonate other principals in the realm. The openafs distributed file system authenticates with Kerberos 4 and is consequently vulnerable to such an impersonation attack.

GLSA: dietlibc

The xdrmem_getbytes() function in dietlibc's XDR (RPC) code contains an integer overflow. A remote attacker could trigger it with a crafted RPC request to any service built against dietlibc that decodes untrusted XDR data, potentially gaining control of that service.

New Security Bug Reports

There were no new security bugs this week that are still outstanding.

gentoo-security

Marcus Martin posted an idea about adding "emerge security" functionality that would automatically update packages for which a GLSA had been released. This prompted a fair bit of discussion, with the consensus being that it was a good idea (albeit one that might not be trivial to implement) and one that had already been filed as bug #5835.

Chris Frey posted a script that would publish a set of md5sums on the master Portage server so that Gentoo users could check for trojaned ebuilds. This was proposed as a stopgap measure while we wait for signed ebuilds. The post prompted some discussion, including criticism that it might overburden the servers and their administrators, and that it could divert developer resources from a more robust final solution in Portage. Nicholas Jones brought the discussion to a close by pointing out that the question was moot, as a solution would begin to appear as early as portage-2.0.47.

3.  Featured Developer of the Week

Seth Chandler


Figure 3.1: Seth Chandler, aka sethbc

Everyone likes to complain about how slow OpenOffice is, but it's still one of the most full-featured and MS Office-compatible suites out there. This week's featured developer, Seth Chandler, is in charge of the openoffice and openoffice-bin packages, and also maintains keychain, writes some docs, and is also one of the three PPC co-leads. His primary duty - fixing bugs that crop up with OpenOffice - takes up most of his time, but he also helps take up the slack when other developers go missing. Seth began using Gentoo about two years ago, and was invited to the Gentoo development team five months ago by Spanky, whom he knew from school, because they needed someone to be in charge of OpenOffice. Through his work with Gentoo, he has become a regular of IRC channels and mailing lists related to OpenOffice, and has been contributing to OpenOffice's IssueZilla because Gentoo's bleeding-edge nature means that problems are often noticed here before they are on other distributions.

During the day, Seth is a student at Worcester Polytechnic Institute, and will go to Cornell Law School once he graduates. His three computers (a Dual P3, a Dual Athlon MP 2100, and a 15.2-inch Powerbook) all run Gentoo, although the Mac dual boots with OS X. He runs Waimea-cvs and qmail on all of his boxen, and his favorite apps include gaim-cvs, xchat-2, kmail, aterm, and gkrellm. Both of his x86 machines run the latest sources, which at the time of the interview was 2.5.65-mm2, but when he's feeling spicy he'll run off a live BitKeeper repo.

Seth is a member of the Atlanta Braves ground crew and has been enjoying working down there for 15 years; his father is the team doctor. He says he goes to school in the offseason.

4.  Heard In The Community

Web Forums

Slithering Along the Bleeding Edge

The development tree of the Linux kernel is advancing towards 2.6 rapidly, and several threads in the forums are making clear that Gentooists are pretty much following the development as closely as possible. Not without the occasional problem, apparently...

Best April Fool's Joke Ever

Check the first link in our list: the forums had actually predicted that this would happen... But the threat of Portage's disappearance hit a nerve in many faithful Gentoo users, and many went into shock for anything from a split second to several hours. They shouted abuse at their screens or room mates, and threatened to start deleting their Portage tree before it dawned on them: they'd been had... And amidst the outrage over Gentoo's alleged move to RPM, only a handful of Germans spotted the second piece of fake news in last week's GWN.

gentoo-user

Gentoo Corporate Usage?

With over 60 responses so far, this week's busiest thread on gentoo-user asks about companies (preferably large ones) that are using Gentoo in a production environment. Many people responded indicating they didn't feel Gentoo was appropriate for a production environment, noting too many problems with their own personal systems. Others indicated that Gentoo ran quite happily in a production role, often serving upwards of 150,000 clients. The responses are obviously quite varied and, in many cases, off-topic, but the thread does contain quite a few interesting insights into the trials and tribulations of using Gentoo Linux in a production environment.

Package management for non-ebuild software

Jan Drugowitsch asked about managing software packages installed outside of Portage on a Gentoo Linux system. Responses were varied and helpful, pointing to several open source projects which might fit the bill.

gentoo-dev

Portage Programming Question

Robin H. Johnson asked whether any documentation of the Portage DB API was available, and received a nice surprise when he was told to start the interactive interpreter with python, type help() and then enter portage to browse the module's built-in help.

ACCEPT_KEYWORDS="~arch" equivalent?

Jani Monoses was wondering if there is a simpler way to write the long ACCEPT_KEYWORDS="~arch" emerge package_name. Thomas M. Beaudry chipped in with the suggestion to use Bash aliases (see man bash), and another Thomas contributed his own alias definition: alias expmerge='ACCEPT_KEYWORDS="~x86" emerge'.

5.  Gentoo International

A French Meta-Project for the Meta-Distribution

Gentoo France is re-emerging itself: After the establishment of gentoofr.org in July last year (and carefully maintaining their good relations with the older project), a new organisation founded by Baptiste Simon, Guillaume Morin and Mark Krauth called frgentoo.net is now gathering supporters and activists willing to help with a new initiative for French translations of Gentoo documentation and tutorials, organising IRC channels and mailing lists, and generally wanting to round up more than just the usual suspects. The new club wants to provide a whole range of services around Gentoo Linux in France, and is determined to do things right by the community from day one. frgentoo's first elections for all posts in the association are going to be held by the end of the month, candidate submissions for coordinator and project leader roles are possible until 11 April, with the elections to be held by electronic vote between 14 and 20 April.

International Event Calendar

While the Köln-Bonn community is still publicly discussing the agenda for their first meeting, two events in the US have emerged at somewhat shorter notice:

6.  Portage Watch

The following stable packages were added to portage this week

Updates to notable packages

New USE variables

7.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. In the last 7 days, activity on the site has resulted in:

There are currently 2895 bugs open in bugzilla. Of these: 63 are labeled 'blocker', 107 are labeled 'critical', and 227 are labeled 'major'.

Closed Bug Rankings

The developers and teams who have closed the most bugs this week are:

New Bug Rankings

The developers and teams who have been assigned the most new bugs this week are:

8.  Tips and Tricks

Changing File Attributes

This week's tip explains how to use chattr to keep important system files secure. The "change attribute" command, chattr, adds or removes file attributes for things such as synchronous updates, tighter file security, and more. These attributes are a feature of the filesystem rather than of the command, and are only available on ext2 and ext3 partitions.

Common attributes and their associated flags are listed below. For the complete list, see man chattr.

Note: The 'j' option can only be used with ext3.

Note: The 'j', 'a' and 'i' attributes can only be set or cleared by the superuser.

First make sure that you have chattr installed by emerging e2fsprogs.

Code Listing 8.1: Installing Required Files

# emerge e2fsprogs

To set attributes on files, use the chattr command and to view attributes, use the lsattr command.

Code Listing 8.2: Examples of using chattr and lsattr

(Set the immutable bit on a file so it cannot be changed or removed)
# chattr +i myfile
# lsattr myfile
----i-------- myfile
(Testing the immutable flag by attempting to delete the file)
# rm myfile
rm: cannot remove `myfile': Operation not permitted
(Set myfile to append-only)
# chattr +a myfile
# lsattr myfile
-----a------- myfile
# echo testing > myfile
myfile: Operation not permitted
# echo testing >> myfile
(no errors - file was appended to)

One use for this is keeping important files safe from deletion. Remember that even root can't delete or modify a file that is immutable or append-only without first explicitly removing the attribute. Setting the immutable flag on /etc/passwd and /etc/shadow protects them from an accidental rm -f, and it also means no new accounts can be added in the event of an exploit; the flip side is that passwd, useradd and similar tools will fail for legitimate changes too until the flag is cleared with chattr -i. Keeping other files append-only means that once data is written it can't be changed, only added to. Logs are a good candidate for this to keep them from being tampered with, but note that an append-only log cannot be rotated in place: renaming or truncating it is refused as well, so rotation has to clear the flag first. Keep in mind what these attributes defend against: mistakes, and the automated tooling an intruder may run. An attacker who already has root can simply run chattr -i, unless CAP_LINUX_IMMUTABLE has been removed from the kernel's capability bounding set (for example with lcap), which makes the flags unchangeable until the next reboot. With chattr and lsattr, you now have a few more tools to keep your system secure.
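As an added example, not from the GWN or Gentoo, the following shell helpers parse lsattr output by its flags field, so that a check of which files carry the immutable or append-only flag can be scripted, and wrap the tip's workflow in a demo function. The demo runs only when CHATTR_DEMO=1 is set in the environment, because chattr needs root and an ext2/ext3 filesystem; the lsattr lines quoted in the comments and the scratch file it creates are constructed.

```shell
#!/bin/sh
# Added example, not from the GWN or Gentoo. Helpers around chattr/lsattr.
# lsattr prints one line per file, flags first, then the name, for example
#   ----i-------- /etc/shadow
# The parsers below look only at the flags field (the first word), whatever
# its width: a name such as /var/log/mail.info contains the letter i but
# that says nothing about whether the file is immutable.

# lsattr_flags LINE: print the flags field of one lsattr output line.
lsattr_flags() {
    printf '%s\n' "${1%% *}"
}

# has_attr LINE FLAG: succeed if FLAG (i, a, j, ...) is set in LINE.
has_attr() {
    case ${1%% *} in
        *"$2"*) return 0 ;;
        *)      return 1 ;;
    esac
}

# audit_attrs FLAG: read lsattr lines from stdin and report every path as
# "protected" or "UNPROTECTED" with respect to FLAG; exit 1 if any is missing.
# Typical use:  lsattr /etc/passwd /etc/shadow | audit_attrs i
audit_attrs() {
    want=$1
    rc=0
    while read -r line; do
        path=${line#* }
        if has_attr "$line" "$want"; then
            echo "protected $path"
        else
            echo "UNPROTECTED $path"
            rc=1
        fi
    done
    return $rc
}

# demo: the tip's workflow on a scratch file, including the step the tip only
# mentions in passing: root has to clear the flag again before the file can
# be changed or removed. Needs root and an ext2/ext3 filesystem, so it runs
# only when CHATTR_DEMO=1 is set.
demo() {
    f=$(mktemp /tmp/chattr-demo.XXXXXX)   # constructed scratch file

    chattr +i "$f"
    lsattr "$f" | audit_attrs i
    if rm -f "$f" 2>/dev/null; then
        echo "rm succeeded: this filesystem does not honour the immutable flag"
        return 1
    fi
    echo "rm refused while immutable, as expected"

    chattr -i "$f"                        # clear i before changing anything
    chattr +a "$f"
    echo "first line" >> "$f"             # appending is allowed
    if { echo "overwrite" > "$f"; } 2>/dev/null; then
        echo "truncating write succeeded: append-only flag not honoured"
    else
        echo "truncating write refused while append-only, as expected"
    fi
    lsattr "$f" | audit_attrs a

    chattr -a "$f"                        # and again before the file can go
    rm -f "$f"
}

if [ "${CHATTR_DEMO:-0}" = 1 ]; then
    demo
fi
```

audit_attrs exits non-zero when any listed file lacks the flag, so lsattr /etc/passwd /etc/shadow | audit_attrs i can be dropped into a cron job or a post-emerge check to notice when a flag has been cleared and not restored.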

9.  Moves, Adds and Changes

Moves

The following developers recently left the Gentoo team:

Adds

The following developers recently joined the Gentoo Linux team:

Changes

The following developers recently changed roles within the Gentoo Linux project.

10.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

11.  GWN Feedback

Please send us your feedback and help make GWN better.

12.  Other Languages

The Gentoo Weekly Newsletter is also available in the following languages: