[Scons-users] Does remote caching open up any security vulnerabilities?
Don Baldwin
donb at qti.qualcomm.com
Fri Sep 23 19:58:54 EDT 2022
RE:
Nope. Remote caching definitely has been asked for and there's a PR with an implementation as well.
But as yet not merged.
I though remote caching was already supported. It’s documented in scons.org (https://scons.org/doc/production/HTML/scons-user.html#chap-caching), and we have it working in some small test builds. Is it not complete?
-Don
From: Scons-users <scons-users-bounces at scons.org> On Behalf Of Bill Deegan
Sent: Friday, September 23, 2022 11:23 AM
To: SCons users mailing list <scons-users at scons.org>
Subject: Re: [Scons-users] Does remote caching open up any security vulnerabilities?
WARNING: This email originated from outside of Qualcomm. Please be wary of any links or attachments, and do not enable macros.
Don,
If you're seriously concerned (as in this is actually happening ever) about malicious alteration of your cachedir in your development environment, then you have lots of issues..
That's what I was referring to.
Nope. Remote caching definitely has been asked for and there's a PR with an implementation as well.
But as yet not merged.
That predates the customizable cachedir implementation which dmoody mentioned.
Indeed a SCons cachedir server, and plugins for (I think it's) meson's cachedir server would be great additions.
-Bill
On Thu, Sep 22, 2022 at 10:38 PM Don Baldwin <donb at qti.qualcomm.com<mailto:donb at qti.qualcomm.com>> wrote:
Thanks for the quick response Bill. When you say we’ll have “lots of issues to contend with”, what exactly are you referring to? Is Remote Caching generally thought to be more of a headache than it’s worth?
Thanks,
Don
From: Scons-users <scons-users-bounces at scons.org<mailto:scons-users-bounces at scons.org>> On Behalf Of Bill Deegan
Sent: Thursday, September 22, 2022 12:15 PM
To: SCons users mailing list <scons-users at scons.org<mailto:scons-users at scons.org>>
Subject: Re: [Scons-users] Does remote caching open up any security vulnerabilities?
WARNING: This email originated from outside of Qualcomm. Please be wary of any links or attachments, and do not enable macros.
On Thu, Sep 22, 2022 at 12:03 PM Don Baldwin <donb at qti.qualcomm.com<mailto:donb at qti.qualcomm.com>> wrote:
Hi,
What precautions are in place to prevent someone from modifying a cached file to inject nefarious code into a product?
Currently there are none.
If you're building software in such an environment, you have lots of issues to contend with in addition to someone altering the cachedir files.
Generally we don't check target file modification either (assuming nothing depends on a given target file as source to another builder).
Though in that case it would just case a rebuild of the target which depends on it, not a specific notice that it had been modified.
_Bill
_______________________________________________
Scons-users mailing list
Scons-users at scons.org<mailto:Scons-users at scons.org>
https://pairlist4.pair.net/mailman/listinfo/scons-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist4.pair.net/pipermail/scons-users/attachments/20220923/c7d15f9d/attachment-0001.htm>
More information about the Scons-users
mailing list