From owner-freebsd-security  Tue Oct  1 19:12:16 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7254C37B401
	for <security@FreeBSD.ORG>; Tue,  1 Oct 2002 19:12:15 -0700 (PDT)
Received: from pogo.caustic.org (caustic.org [64.163.147.186])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3479543E75
	for <security@FreeBSD.ORG>; Tue,  1 Oct 2002 19:12:15 -0700 (PDT)
	(envelope-from jan@caustic.org)
Received: from localhost (jan@localhost)
	by pogo.caustic.org (8.11.6/8.11.6) with ESMTP id g922CC793357;
	Tue, 1 Oct 2002 19:12:12 -0700 (PDT)
	(envelope-from jan@caustic.org)
Date: Tue, 1 Oct 2002 19:12:11 -0700 (PDT)
From: "f.johan.beisser" <jan@caustic.org>
To: Brian Behlendorf <brian@hyperreal.org>
Cc: Klaus Steden <klaus@compt.com>, <security@FreeBSD.ORG>
Subject: Re: tar/security best practice (was Re: RE: Is FreeBSD's tar
 susceptible to this?)
In-Reply-To: <20021001183010.E58068-100000@yez.hyperreal.org>
Message-ID: <20021001190915.K67581-100000@pogo.caustic.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Tue, 1 Oct 2002, Brian Behlendorf wrote:

> So, fix the ports system then to include a step whereby someone has to
> pause the installation process to review the output of tar before allowing
> it to proceed.

if you're installing a port, i would tend to assume it's A) from the
FreeBSD ports tree, and B) checked out, and using an md5 hash (already in
the tree) that's separate/updated by the maintainer. in this case, the
port maintainer is directly responsible for the port. of course, you have
to trust your port maintainer to not be out to cause harm.

trust does have to begin somewhere, after all.



-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan@caustic.org
    "John Ashcroft is really just the reanimated corpse
         of J. Edgar Hoover." -- Tim Triche


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message