[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[task #15696] Security warning at the start of Maneage
From: |
Mohammad Akhlaghi |
Subject: |
[task #15696] Security warning at the start of Maneage |
Date: |
Tue, 16 Jun 2020 22:42:44 -0400 (EDT) |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0 |
URL:
<https://savannah.nongnu.org/task/?15696>
Summary: Security warning at the start of Maneage
Project: Reproducible paper template
Submitted by: makhlaghi
Submitted on: Wed 17 Jun 2020 03:42:43 AM BST
Should Start On: Wed 17 Jun 2020 12:00:00 AM BST
Should be Finished on: Wed 17 Jun 2020 12:00:00 AM BST
Category: Software
Priority: 5 - Normal
Status: Postponed
Privacy: Public
Percent Complete: 0%
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Effort: 0.00
_______________________________________________________
Details:
We try our best to keep the core Maneage project as secure as possible. The
fact that it doesn't require root permissions is one such example.
However, we cannot make any promises for projects that are derived from
Maneage! For example a malicious project author may put steps deep in their
own project scripts that extract a user's private SSH keys (or other private
data) and use a network connection to send it somewhere.
Therefore it is very important the users understand this major security
implications and take the proper precautions if they don't trust the derived
project's creator.
For example one option is build a new user for the "Maneaged" project and run
the project in that user account, or to run it in a Docker container (task
#15389) or to create a virtual machine and run it there.
This task was defined during the more specific discussion of task #15694.
_______________________________________________________
Reply to this item at:
<https://savannah.nongnu.org/task/?15696>
_______________________________________________
Message sent via Savannah
https://savannah.nongnu.org/
- [task #15696] Security warning at the start of Maneage,
Mohammad Akhlaghi <=