by msbarnett
3745 days ago
Yeah, but that's not the argument. I'm specifically responding to the parent's assertion that you wouldn't want to run audit because the list might just lie to you. That's separate from the idea that the list might be maliciously crafted to exploit an overflow and gain root privileges (which presumably could bypass signing checks) -- if your threat model involves loss of control of FreeBSD's signing keys, pkg running as root is irrelevant. You can't ever trust anything outside the box, or update at all. No binary is trustable and even if you heavily audit the source you're in trusting-trust territory. (Also, the only key that matters is the Security Officer's key for vuln disclosures -- not any random maintainer has signing authority.)