Date: Thu, 3 Jun 1999 10:45:21 -0700
From: Matthew Hunt <mph@astro.caltech.edu>
To: Unknow User <kernel@tdnet.com.br>
Cc: Bill Fumerola <billf@jade.chc-chimes.com>, freebsd-security@freebsd.org
Subject: Re: SSH2 (in FreeBSD-Questions)
Message-ID: <19990603104521.I58665@wopr.caltech.edu>
In-Reply-To: <375693C1.68C59211@tdnet.com.br>; from Unknow User on Thu, Jun 03, 1999 at 02:40:01PM +0000
References: <Pine.BSF.3.96.990603133742.8776C-100000@jade.chc-chimes.com> <375693C1.68C59211@tdnet.com.br>

On Thu, Jun 03, 1999 at 02:40:01PM +0000, Unknow User wrote:

> The problem is that we never know what SUID, port will install!
> It happens that other has the same "false sense of security" I have:

You smoke crack.

How do you know what SUID binaries any software will install? You read the source! You can do exactly the same for the Ports Collection. It's all plain English (or at least plain Makefile) for your perusal. You even get a nice listing of what files were installed, so you can examine them yourself. Most source tarballs do not provide that information.

I think you need to learn how the Ports Collection works before you condemn it. You clearly do not understand it all.

I also think it's odd that you think we would introduce security risks into software deliberately. I mean, we're the same people who can and do change the rest of FreeBSD. Presumably you trust us to do that right, or have you read all of /usr/src? If I wanted to introduce a security hole, I'd bury it somewhere in the FreeBSD userland, not in ports, to make sure everyone got it. Sheesh.

-- 
Matthew Hunt <mph@astro.caltech.edu> * UNIX is a lever for the
http://www.pobox.com/~mph/           * intellect. -J.R. Mashey

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
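
The check the message describes (examining the listing of installed files for SUID binaries), as an added example that is not part of the original message or of the FreeBSD project's code. It assumes the listing arrives as one absolute path per line, for instance from `pkg info -l <package>` on current FreeBSD; the names `audit_setid` and `demo` are hypothetical.

```shell
#!/bin/sh
# Added example: flag set-id files named in a package's installed-file listing.
# Input: one path per line on stdin. Lines that are not absolute paths
# (such as a "name-version:" header) are skipped.

audit_setid() {
    # read with default IFS trims the leading tab/space some listings add
    while read -r path; do
        case $path in
            /*) ;;            # absolute path: examine it
            *)  continue ;;   # header or blank line: ignore
        esac
        # Regular files only; a symlink to a set-id file elsewhere
        # does not belong to this package.
        if [ ! -f "$path" ] || [ -L "$path" ]; then
            continue
        fi
        if [ -u "$path" ]; then
            printf 'SUID %s\n' "$path"
        fi
        if [ -g "$path" ]; then
            printf 'SGID %s\n' "$path"
        fi
    done
    return 0
}

# Constructed sample: a scratch directory holding one ordinary file and
# one file with the setuid bit, fed through a listing with a header line.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'x' > "$dir/plain"
    printf 'x' > "$dir/helper"
    chmod 0755 "$dir/plain"
    chmod 4755 "$dir/helper"
    printf 'demo-1.0:\n\t%s\n\t%s\n' "$dir/plain" "$dir/helper" | audit_setid
    rm -rf "$dir"
}

# Run the constructed sample with: sh audit.sh --demo
if [ "${1:-}" = "--demo" ]; then
    demo
fi
```

Each path the function reports is a file worth reading the source for before the port is trusted with elevated privileges.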