[Scons-users] Does remote caching open up any security vulnerabilities?

Bill Deegan bill at baddogconsulting.com
Fri Sep 23 21:02:28 EDT 2022


That's not remote caching.
That's filesystem caching.
Remote caching typically means another system, over the network..


On Fri, Sep 23, 2022 at 4:59 PM Don Baldwin <donb at qti.qualcomm.com> wrote:

> RE:
>
>
>
> Nope. Remote caching definitely has been asked for and there's a PR with
> an implementation as well.
>
> But as yet not merged.
>
>
>
> I though remote caching was already supported.  It’s documented in
> scons.org (
> https://scons.org/doc/production/HTML/scons-user.html#chap-caching), and
> we have it working in some small test builds.  Is it not complete?
>
>
>
> -Don
>
>
>
> *From:* Scons-users <scons-users-bounces at scons.org> * On Behalf Of *Bill
> Deegan
> *Sent:* Friday, September 23, 2022 11:23 AM
> *To:* SCons users mailing list <scons-users at scons.org>
> *Subject:* Re: [Scons-users] Does remote caching open up any security
> vulnerabilities?
>
>
>
> *WARNING:* This email originated from outside of Qualcomm. Please be wary
> of any links or attachments, and do not enable macros.
>
> Don,
>
>
>
> If you're seriously concerned (as in this is actually happening ever)
> about malicious alteration of your cachedir in your development
> environment, then you have lots of issues..
>
> That's what I was referring to.
>
>
>
> Nope. Remote caching definitely has been asked for and there's a PR with
> an implementation as well.
>
> But as yet not merged.
>
> That predates the customizable cachedir implementation which dmoody
> mentioned.
>
>
>
> Indeed a SCons cachedir server, and plugins for (I think it's) meson's
> cachedir server would be great additions.
>
>
>
>
>
> -Bill
>
>
>
> On Thu, Sep 22, 2022 at 10:38 PM Don Baldwin <donb at qti.qualcomm.com>
> wrote:
>
> Thanks for the quick response Bill.  When you say we’ll have “lots of
> issues to contend with”, what exactly are you referring to?  Is Remote
> Caching generally thought to be more of a headache than it’s worth?
>
>
>
> Thanks,
>
> Don
>
>
>
>
>
> *From:* Scons-users <scons-users-bounces at scons.org> *On Behalf Of *Bill
> Deegan
> *Sent:* Thursday, September 22, 2022 12:15 PM
> *To:* SCons users mailing list <scons-users at scons.org>
> *Subject:* Re: [Scons-users] Does remote caching open up any security
> vulnerabilities?
>
>
>
> *WARNING:* This email originated from outside of Qualcomm. Please be wary
> of any links or attachments, and do not enable macros.
>
>
>
>
>
> On Thu, Sep 22, 2022 at 12:03 PM Don Baldwin <donb at qti.qualcomm.com>
> wrote:
>
> Hi,
>
>
>
> What precautions are in place to prevent someone from modifying a cached
> file to inject nefarious code into a product?
>
>
>
> Currently there are none.
>
> If you're building software in such an environment, you have lots of
> issues to contend with in addition to someone altering the cachedir files.
>
>
>
> Generally we don't check target file modification either (assuming nothing
> depends on a given target file as source to another builder).
>
> Though in that case it would just case a rebuild of the target which
> depends on it, not a specific notice that it had been modified.
>
>
>
> _Bill
>
> _______________________________________________
> Scons-users mailing list
> Scons-users at scons.org
> https://pairlist4.pair.net/mailman/listinfo/scons-users
>
> _______________________________________________
> Scons-users mailing list
> Scons-users at scons.org
> https://pairlist4.pair.net/mailman/listinfo/scons-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist4.pair.net/pipermail/scons-users/attachments/20220923/893bb9f5/attachment.htm>


More information about the Scons-users mailing list