> In article <Pine.LNX.4.43.0112291136350.18183-100000@waste.org> you write:
> >If my understanding of the new kbuild and configure system is correct,
> >make clean and dep should be largely unnecessary and it should be possible
> >to build a patchbot that checks for incremental compilability:
> >
> >for the current kernel release:
> > unpack tree
> > build the tree with default options (unprivileged user, obviously)
>
> One thing that should not be forgotten is the risk of trojan horses
> here, in practice the Makefile is a shell script, so to apply any
> patch and the compile with it would be a bit dangerous. It might be
> possible to limit the patchbot to only accept code changes, but
> that might remove most of the benefits. Also, I don't know how much
> magic one might do with a properly crafted #include statement, such
> as "#include /etc/passwd" and then the error message will contain
> the encypted password for root (shadow passwords fix this specific
> problem, but you get the idea :-)
I think we can devise a suitably secure jail environment, possibly using
UML.
-- "Love the dolphins," she advised him. "Write by W.A.S.T.E.."- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/