HASHER(7)                          ALT Linux                         HASHER(7)



NAME
       hasher - modern safe package building technology

SYNOPSIS
       hsh [options] <path-to-workdir> <package>...

RATIONALE
       Long  ago,  when  instrumental  OS distributions made by few developers
       were small enough to be placed on a single CD with sources,  there  was
       no  real  package building technology.  Developers built their packages
       in the host system created by installing the whole OS distribution.

       Nowadays instrumental OS distributions are made by dozens of developers.
       They are too large to be installed wholly.  As a result, the traditional
       package building scheme in the host system no longer fits the
       requirements: it is insecure, unsafe and awkward.

REQUIREMENTS
       Modern package building technology should:

       1.     not lower the host system security;

       2.     protect itself from attacks installed by packages;

       3.     protect package builds from attacks installed by other packages;

       4.     ensure reliability of build results;

       5.     provide reasonable performance.

ARCHITECTURE
       The hasher architecture is based on a triple-user model: the caller user
       (C) and two unprivileged pseudousers; the first one (R) emulates root in
       the generated build environment, the second one (U) emulates a regular
       user who builds software.

       Switching between the caller user and the helper users is handled by a
       special privileged program, hasher-priv(8).  It is written with extreme
       caution to defend against attacks installed by unprivileged users.  This
       helper is also used to purge processes left behind by the pseudousers,
       to create device files, and to control resources allocated to
       unprivileged processes in order to defend against DoS attacks.

       In general, the path of a source package through hasher during the build
       process looks as follows:

       1. Generate aptbox.
              User C generates the environment (aptbox) for apt.

       2. Remove the build environment possibly left by previous builds.
              The removal is done sequentially: inside the build chroot by user
              U, inside the build chroot by user R, and finally outside the
              chroot by user C.

       3. Generate the new build chroot framework.
              User C generates the framework, which consists of helper
              directories and statically linked helper programs: ash(1),
              find(1) and cpio(1).  Basic device files are also created at this
              point by means of hasher-priv(8).  These devices are necessary
              for the build environment and are secure for the host system.

       4. Generate the basic install environment.
              This environment contains everything necessary for regular
              package installs.  User C, using apt utilities, determines the
              set of packages required to generate the install environment.
              User R, using the static helper programs, unpacks these packages.

       5. Generate the basic build environment.
              This environment contains the tools required for every package
              build.  User C, using apt utilities, determines the set of
              packages; user R installs them.

       6. Generate the build environment for this particular package.
              User U fetches the package build dependencies, user C, using apt
              utilities, determines the set of packages to install, and user R
              installs them.

       7. Build the package.
              User U executes the build.

       This scheme is designed to eliminate attacks of the types U->R, U->C
       and R->C, and all attacks targeted at root.

       In order to increase performance, which is essential when building a
       lot of packages, hasher caches the basic build environment.  This allows
       steps 4 and 5 to be skipped.
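       The following is an added illustration of the trust-flow rule behind
       the steps above; it is not hasher's own code.  Artifact names, the
       writer table and the hypothetical "broken" variant are constructed from
       the description in this page to show how a least-privilege check can
       flag a U->R path that the real scheme avoids.

```python
"""Trust-flow model of the hasher(7) triple-user build scheme (an added
illustration, not hasher's own code).  Trust order: caller C > pseudo-root R >
pseudo-builder U.  A step may *read* data a less trusted user wrote (C parses
U's dependency list) but must never *execute* it; executing such data is the
U->R, U->C and R->C attack class the architecture is designed to eliminate."""

TRUST = {"C": 2, "R": 1, "U": 0}

# artifact -> users able to write it (constructed from the hasher(7) steps)
WRITERS = {
    "aptbox": {"C"},             # step 1
    "static-helpers": {"C"},     # step 3: ash, find, cpio
    "install-env": {"R"},        # step 4
    "build-env": {"R"},          # step 5
    "builddeps-list": {"U"},     # step 6: U fetches build dependencies
    "package-builddeps": {"R"},  # step 6: R installs them
    "package-source": {"U"},     # step 7
}

# (step, actor, reads, executes); step 2 is run in turn by U, R and then C
STEPS = [
    ("1 generate aptbox", "C", (), ()),
    ("2 remove old build env", "C", (), ()),
    ("3 generate chroot framework", "C", (), ()),
    ("4 basic install env", "R", (), ("static-helpers",)),
    ("5 basic build env", "R", (), ("install-env",)),
    ("6 resolve build deps", "C", ("builddeps-list",), ("aptbox",)),
    ("6 install build deps", "R", (), ("build-env",)),
    ("7 build", "U", (), ("build-env", "package-builddeps", "package-source")),
]

def find_violations(steps, writers=WRITERS):
    """[(step, artifact, 'W->A')] for every step whose actor A executes an
    artifact that a less trusted user W is able to write."""
    bad = []
    for name, actor, _reads, execs in steps:
        for art in execs:
            for w in sorted(writers.get(art, ())):
                if TRUST[w] < TRUST[actor]:
                    bad.append((name, art, f"{w}->{actor}"))
    return bad

def build_plan(steps=STEPS, cached_build_env=False):
    """Step names to run; a valid basic build environment cache skips 4 and 5."""
    skip = {"4", "5"} if cached_build_env else set()
    return [s[0] for s in steps if s[0].split()[0] not in skip]

# Hypothetical misdesign: R runs a script from U's source tree while installing.
BROKEN = [s if s[0] != "6 install build deps" else
          (s[0], s[1], s[2], s[3] + ("package-source",)) for s in STEPS]
```

       find_violations(STEPS) returns an empty list, while
       find_violations(BROKEN) reports the single U->R path.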

AUTHOR
       Written by Dmitry V. Levin <ldv@altlinux.org>

REPORTING BUGS
       Report bugs to http://bugs.altlinux.ru/

COPYRIGHT
       Copyright  2003-2007  Dmitry V. Levin <ldv@altlinux.org>
       This is free software; see the source for copying conditions.  There is
       NO  warranty;  not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
       PURPOSE.

SEE ALSO
       hsh(1),   hasher-priv.conf(5),    hasher-priv(8),    hasher-useradd(8),
       /usr/share/doc/hasher-1.3.26/QUICKSTART.




hasher 1.3.26                    January 2007                        HASHER(7)