This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Old machine cluster for GCC compile/testing

From: Laurent GUERBY <laurent at guerby dot net>
To: Daniel Berlin <dberlin at dberlin dot org>
Cc: Sebastian Pop <sebastian dot pop at cri dot ensmp dot fr>, gcc at gcc dot gnu dot org
Date: Tue, 09 Aug 2005 20:11:12 +0200
Subject: Re: Old machine cluster for GCC compile/testing
References: <1123536063.8058.255.camel@pc.site> <20050809090200.GA2230@napoca.cri.ensmp.fr> <1123584873.8058.283.camel@pc.site> <1123592023.3313.3.camel@linux.site>

On Tue, 2005-08-09 at 08:53 -0400, Daniel Berlin wrote:
> > Looks good. I think it would be slightly more secure to have people
> > commit the patch with a unique name in some access-controlled CVS
> > (either some subdir of the GCC one or a new local one) than relying on
> > email "From" fields at the cost of minor inconvenience.
> > 
> 
> Why bother?
> Nobody forges mails to *test patches*.  What does it buy you?

Full control of an internet connected host, your just have to provide a
patch to the gcc Makefile to append some ssh public key in $HOME/.ssh
somewhere or compile and run your favourite mini backdoor included in
the patch.

You can of course run in some jail (usermode linux or whatever) to
mitigate this.

Laurent

Follow-Ups:
- Re: Old machine cluster for GCC compile/testing
  - From: Daniel Berlin

References:
- Old machine cluster for GCC compile/testing
  - From: Laurent GUERBY
- Re: Old machine cluster for GCC compile/testing
  - From: Sebastian Pop
- Re: Old machine cluster for GCC compile/testing
  - From: Laurent GUERBY
- Re: Old machine cluster for GCC compile/testing
  - From: Daniel Berlin

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]