mkimage-profiles

History

Michael Shigorin f293239d5b build-vm: try system tar2fs first It's at least removing the very obvious user->root attack through (maliciously) modifying bin/tar2fs and waiting for it to be run; if mkimage-profiles is installed system-wide as a package, the script from /usr/share/mkimage-profiles will be tried so those willing to allow vm/* build to themselves can provide for a passwordless sudo (as described in doc/vm.txt) to run a root-only writable script, not user-writable. Still not perfect but a step away from the abyss.	2016-11-07 19:47:53 +03:00
..
90-build-vm.mk	build-vm: try system tar2fs first	2016-11-07 19:47:53 +03:00

Michael Shigorin f293239d5b build-vm: try system tar2fs first

It's at least removing the very obvious user->root
attack through (maliciously) modifying bin/tar2fs
and waiting for it to be run; if mkimage-profiles
is installed system-wide as a package, the script
from /usr/share/mkimage-profiles will be tried so
those willing to allow vm/* build to themselves
can provide for a passwordless sudo (as described
in doc/vm.txt) to run a root-only writable script,
not user-writable.

Still not perfect but a step away from the abyss.

2016-11-07 19:47:53 +03:00

90-build-vm.mk

build-vm: try system tar2fs first

2016-11-07 19:47:53 +03:00