Date: Wed, 29 May 2002 02:13:07 -0700 From: "Philip J. Koenig" <pjklist@ekahuna.com> To: questions@FreeBSD.ORG Subject: Re: Building ports as a non priviledged user Message-ID: <20020529091306238.AAA491@empty1.ekahuna.com@pc02.ekahuna.com> In-Reply-To: <bulk.90126.20020528015921@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> Date: Tue, 28 May 2002 11:04:29 +0930 (CST) > From: tim peters <tim@lost.net.au> > > Someone else answered your question about building as non-root, > so I'll just add this quote from http://www.irssi.org/?page=backdoor > > How do I know if I'm affected? > > [snip] > FreeBSD port isn't backdoored, as it used the .bz2 file > [snip > > So if you built from ports, this doesn't affect you. Makes you > wonder about other ports though, doesn't it? Guess that goes to show how important it is to secure your CVS mirrors. (and beware of disgruntled committers :-) BTW I discovered an interesting utility in the ports collection, something that searches for any ports/programs that are statically- linked with the old/exploitable zlib code. /usr/ports/find-zlib Only funny thing is it installs as find_zlib-1.9, instead of find- zlib-1.9. Maybe it's a trojan. <g> -- Philip J. Koenig pjklist@ekahuna.com Electric Kahuna Systems -- Computers & Communications for the New Millenium To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020529091306238.AAA491>