From owner-freebsd-questions  Wed May 29  2:13:11 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from empty1.ekahuna.com (empty1.ekahuna.com [198.144.200.196])
	by hub.freebsd.org (Postfix) with ESMTP id B1D9637B406
	for <questions@FreeBSD.ORG>; Wed, 29 May 2002 02:13:06 -0700 (PDT)
Received: from pc-02 (pc02.ekahuna.com [198.144.200.197])
          by empty1.ekahuna.com (Post.Office MTA v3.5.3 release 223
          ID# 0-0U10L2S100V35) with ESMTP id com
          for <questions@FreeBSD.ORG>; Wed, 29 May 2002 02:13:06 -0700
From: "Philip J. Koenig" <pjklist@ekahuna.com>
Organization: The Electric Kahuna Organization
To: questions@FreeBSD.ORG
Date: Wed, 29 May 2002 02:13:07 -0700
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: Re: Building ports as a non priviledged user
Reply-To: pjklist@ekahuna.com
In-reply-to: <bulk.90126.20020528015921@hub.freebsd.org>
X-mailer: Pegasus Mail for Win32 (v3.12c)
Message-ID: <20020529091306238.AAA491@empty1.ekahuna.com@pc02.ekahuna.com>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

> Date: Tue, 28 May 2002 11:04:29 +0930 (CST)
> From: tim peters <tim@lost.net.au>
> 
> Someone else answered your question about building as non-root,
> so I'll just add this quote from http://www.irssi.org/?page=backdoor
> 
>   How do I know if I'm affected?
> 
> 	 [snip]
>          FreeBSD port isn't backdoored, as it used the .bz2 file
> 	 [snip
> 
> So if you built from ports, this doesn't affect you.  Makes you
> wonder about other ports though, doesn't it?


Guess that goes to show how important it is to secure your CVS 
mirrors. (and beware of disgruntled committers :-)

BTW I discovered an interesting utility in the ports collection, 
something that searches for any ports/programs that are statically-
linked with the old/exploitable zlib code.

	/usr/ports/find-zlib

Only funny thing is it installs as find_zlib-1.9, instead of find-
zlib-1.9.

Maybe it's a trojan.  <g>



--
Philip J. Koenig                                       pjklist@ekahuna.com
Electric Kahuna Systems -- Computers & Communications for the New Millenium


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message