[Bug 224526] [security][feature suggestion] Closed source binaries need to be labeled in ports, and explicitly allowed by users

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Fri Dec 22 18:11:39 UTC 2017


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224526

            Bug ID: 224526
           Summary: [security][feature suggestion] Closed source binaries
                    need to be labeled in ports, and explicitly allowed by
                    users
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Ports Framework
          Assignee: portmgr at FreeBSD.org
          Reporter: yuri at freebsd.org
                CC: freebsd-ports-bugs at FreeBSD.org

The problem:
External binary executables generally present a higher security risk compared
to open source ones, because their source code can't be inspected, therefore
requiring users to trust the vendor.

The users of a secure OS have the right to know what closed source software is
installed.

Suggested solution:
1. Introduce a new Makefile tag for ports: CONTAINS_CLOSED_SOURCE_BINARY=yes.
2. Introduce a new /etc/make.conf tag: TRUST_CLOSED_SOURCE_BINARY=<list of
closed source ports that are allowed>.
3. Only allow installation of ports with closed source when they are waived by
the user in TRUST_CLOSED_SOURCE_BINARY.
4. The pkg tool, and portupgrade/portmaster, should all follow this rule too.
5. Allow asterisk matching in TRUST_CLOSED_SOURCE_BINARY so that users can give
blanket trust to */linux-* ports if they want.

For example, I have x11/nvidia-driver installed which I would be inclined to
trust. Other closed source packages are possible, but they should be reviewed
by the user on a case-by-case basis.
One other such port is security/1password-client. All linux ports should be
labeled with CONTAINS_CLOSED_SOURCE_BINARY=yes, because they generally contain
binaries.

This will assure users that the code they are running is trusted, and the trust
is tracked and managed.
This will be in stark contrast with, say, Arch Linux, which routinely
downloads all sorts of binaries, puts 'SKIP' for the hash to make it easy, and
potentially subjects users to security intrusions.

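The gate described in points 1-5 of the report, as an added stand-alone model (this is example code written for this page, not code from the FreeBSD ports framework or from the reporter). It assumes the proposed names CONTAINS_CLOSED_SOURCE_BINARY and TRUST_CLOSED_SOURCE_BINARY, models the per-port tag as a function argument instead of a Makefile variable, and uses sh case(1) globbing for the asterisk matching of point 5. The make.conf value and the port origins fed to the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example, not FreeBSD ports framework code: a model of the proposed
# CONTAINS_CLOSED_SOURCE_BINARY / TRUST_CLOSED_SOURCE_BINARY install gate.
# The variable names and the behaviour are assumptions drawn from the report.

# closed_source_allowed ORIGIN TRUST_LIST
# Returns 0 when ORIGIN matches one of the space-separated glob patterns in
# TRUST_LIST (the proposed make.conf value), 1 otherwise. Patterns are
# matched with case(1), so '*/linux-*' waives every linux-* port.
closed_source_allowed() {
    csa_origin=$1
    csa_list=$2
    csa_result=1
    # Disable pathname expansion while splitting the list, so that a pattern
    # such as '*/linux-*' is not expanded against the current directory.
    case $- in *f*) csa_noglob=1 ;; *) csa_noglob=0 ;; esac
    set -f
    for csa_pat in $csa_list; do
        # An unquoted expansion in a case pattern is used as a glob pattern.
        case $csa_origin in
            $csa_pat) csa_result=0; break ;;
        esac
    done
    [ "$csa_noglob" = 1 ] || set +f
    return $csa_result
}

# check_port ORIGIN CONTAINS_CLOSED_SOURCE_BINARY TRUST_LIST
# Models the install-time decision: untagged ports always pass; tagged ports
# pass only when waived by TRUST_LIST. Prints the decision, returns 0 or 1.
check_port() {
    cp_origin=$1
    cp_tagged=$2
    cp_list=$3
    if [ "$cp_tagged" != yes ]; then
        echo "$cp_origin: not tagged as closed source, ok"
        return 0
    fi
    if closed_source_allowed "$cp_origin" "$cp_list"; then
        echo "$cp_origin: closed-source binary waived by TRUST_CLOSED_SOURCE_BINARY, ok"
        return 0
    fi
    echo "$cp_origin: contains a closed-source binary and is not listed in" \
         "TRUST_CLOSED_SOURCE_BINARY; refusing to install" >&2
    return 1
}

# Constructed make.conf value: trust the nvidia driver explicitly and give
# blanket trust to linux-* ports, as suggested in point 5 of the report.
TRUST_CLOSED_SOURCE_BINARY='x11/nvidia-driver */linux-*'

# demo: runs the gate over a few illustrative origins (all constructed here).
demo() {
    check_port x11/nvidia-driver          yes "$TRUST_CLOSED_SOURCE_BINARY"
    check_port x11/linux-c7-xorg-libs     yes "$TRUST_CLOSED_SOURCE_BINARY"
    check_port security/1password-client  yes "$TRUST_CLOSED_SOURCE_BINARY" || true
    check_port shells/bash                no  "$TRUST_CLOSED_SOURCE_BINARY"
}

demo
```

Two caveats a practitioner would raise against this model. First, it only covers ports built from source: pkg(8) installing prebuilt packages never consults /etc/make.conf, so point 4 of the report would need the tag carried in the package metadata rather than in the build-time variable. Second, the ports tree already has a build-time gate of the same shape, the LICENSE framework (bsd.licenses.mk, driven by LICENSES_ACCEPTED and LICENSES_REJECTED in make.conf), which is the natural place to compare against when designing the new tag.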