[Scons-users] Does remote caching open up any security vulnerabilities?

Daniel Moody dmoody256 at gmail.com
Thu Sep 22 15:30:20 EDT 2022


In SCons 4.2, the ability to customize the class used to
orchestrate pushing and pulling to/from the cache was added.
https://github.com/SCons/scons/releases/tag/4.2.0

MongoDB uses this new feature for validation to detect file corruption:
https://github.com/mongodb/mongo/blob/a711b08cf587600a4c52b4df9a2fcb9789b834f8/site_scons/site_tools/validate_cache_dir.py#L92-L133

This same concept could be used to encrypt/decrypt cache files to secure
the remote cache. Your local environment will still need to be secure.


On Thu, Sep 22, 2022 at 2:15 PM Bill Deegan <bill at baddogconsulting.com>
wrote:

>
>
> On Thu, Sep 22, 2022 at 12:03 PM Don Baldwin <donb at qti.qualcomm.com>
> wrote:
>
>> Hi,
>>
>>
>>
>> What precautions are in place to prevent someone from modifying a cached
>> file to inject nefarious code into a product?
>>
>
> Currently there are none.
> If you're building software in such an environment, you have lots of
> issues to contend with in addition to someone altering the cachedir files.
>
> Generally we don't check target file modification either (assuming nothing
> depends on a given target file as source to another builder).
> Though in that case it would just cause a rebuild of the target which
> depends on it, not a specific notice that it had been modified.
>
> _Bill
>
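An added example, not part of the original thread and not SCons or MongoDB code: a tamper check of the kind the push and pull hooks of a custom cache class could call, using a keyed HMAC-SHA256 tag rather than the checksum or encryption mentioned above. It uses only the Python standard library and does not call SCons; `TAG_EXT`, `push`, `pull`, `demo` and the sample file names are hypothetical, and the key is assumed to be kept somewhere the cache host cannot read.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

TAG_EXT = ".hmac"  # hypothetical sidecar suffix, not an SCons convention


def _tag(key: bytes, name: str, data: bytes) -> bytes:
    """HMAC-SHA256 over the cache entry name plus the file bytes."""
    msg = name.encode() + b"\0" + data
    return hmac.new(key, msg, hashlib.sha256).hexdigest().encode()


def push(key: bytes, src: Path, entry: Path) -> None:
    """Store a built file in the cache with its tag beside it."""
    data = src.read_bytes()
    entry.write_bytes(data)
    Path(str(entry) + TAG_EXT).write_bytes(_tag(key, entry.name, data))


def pull(key: bytes, entry: Path, dst: Path) -> bool:
    """Restore entry to dst only if its tag verifies; False means cache miss."""
    try:
        data = entry.read_bytes()
        stored = Path(str(entry) + TAG_EXT).read_bytes().strip()
    except OSError:
        return False  # missing entry or missing tag: do not trust it
    if not hmac.compare_digest(stored, _tag(key, entry.name, data)):
        return False  # content or entry name does not match the tag
    dst.write_bytes(data)  # write the verified bytes, never re-read the cache
    return True


def demo() -> dict:
    """Constructed sample: clean pull, swapped entry, tampered content."""
    key = b"constructed-demo-key"  # a real key must never be stored in the cache
    with tempfile.TemporaryDirectory() as d:
        src, a, b, out = (Path(d) / n for n in ("a.o", "sig_a", "sig_b", "out.o"))
        src.write_bytes(b"object code")
        push(key, src, a)
        result = {"clean": pull(key, a, out)}
        # Swap: a validly tagged file copied under another entry name.
        b.write_bytes(a.read_bytes())
        Path(str(b) + TAG_EXT).write_bytes(Path(str(a) + TAG_EXT).read_bytes())
        result["swapped"] = pull(key, b, out)
        a.write_bytes(b"object code + injected")
        result["tampered"] = pull(key, a, out)
        return result
```

A failed check is reported as a cache miss, so the target is rebuilt locally instead of being restored from the modified entry.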