[Scons-users] Does remote caching open up any security vulnerabilities?
Bill Deegan
bill at baddogconsulting.com
Fri Sep 23 14:23:04 EDT 2022
Don,
If you're seriously concerned (as in this is actually happening ever) about
malicious alteration of your cachedir in your development environment, then
you have lots of issues..
That's what I was referring to.
Nope. Remote caching definitely has been asked for and there's a PR with an
implementation as well.
But as yet not merged.
That predates the customizable cachedir implementation which dmoody
mentioned.
Indeed a SCons cachedir server, and plugins for (I think it's) meson's
cachedir server would be great additions.
-Bill
On Thu, Sep 22, 2022 at 10:38 PM Don Baldwin <donb at qti.qualcomm.com> wrote:
> Thanks for the quick response Bill. When you say we’ll have “lots of
> issues to contend with”, what exactly are you referring to? Is Remote
> Caching generally thought to be more of a headache than it’s worth?
>
>
>
> Thanks,
>
> Don
>
>
>
>
>
> *From:* Scons-users <scons-users-bounces at scons.org> * On Behalf Of *Bill
> Deegan
> *Sent:* Thursday, September 22, 2022 12:15 PM
> *To:* SCons users mailing list <scons-users at scons.org>
> *Subject:* Re: [Scons-users] Does remote caching open up any security
> vulnerabilities?
>
>
>
> *WARNING:* This email originated from outside of Qualcomm. Please be wary
> of any links or attachments, and do not enable macros.
>
>
>
>
>
> On Thu, Sep 22, 2022 at 12:03 PM Don Baldwin <donb at qti.qualcomm.com>
> wrote:
>
> Hi,
>
>
>
> What precautions are in place to prevent someone from modifying a cached
> file to inject nefarious code into a product?
>
>
>
> Currently there are none.
>
> If you're building software in such an environment, you have lots of
> issues to contend with in addition to someone altering the cachedir files.
>
>
>
> Generally we don't check target file modification either (assuming nothing
> depends on a given target file as source to another builder).
>
> Though in that case it would just case a rebuild of the target which
> depends on it, not a specific notice that it had been modified.
>
>
>
> _Bill
> _______________________________________________
> Scons-users mailing list
> Scons-users at scons.org
> https://pairlist4.pair.net/mailman/listinfo/scons-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist4.pair.net/pipermail/scons-users/attachments/20220923/0979da03/attachment-0001.htm>
More information about the Scons-users
mailing list