From owner-freebsd-questions@FreeBSD.ORG Thu Sep 2 06:37:34 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 682D816A4D1 for ; Thu, 2 Sep 2004 06:37:34 +0000 (GMT) Received: from smtp.infracaninophile.co.uk (happy-idiot-talk.infracaninophile.co.uk [81.2.69.218]) by mx1.FreeBSD.org (Postfix) with ESMTP id F07BF43D2D for ; Thu, 2 Sep 2004 06:37:32 +0000 (GMT) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost [IPv6:::1]) i826bOOb067963 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 2 Sep 2004 07:37:24 +0100 (BST) (envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk) Received: (from matthew@localhost)i826bMIj067879; Thu, 2 Sep 2004 07:37:22 +0100 (BST) (envelope-from matthew) Date: Thu, 2 Sep 2004 07:37:22 +0100 From: Matthew Seaman To: messmate Message-ID: <20040902063722.GA18819@happy-idiot-talk.infracaninophile.co.uk> Mail-Followup-To: Matthew Seaman , messmate , Luke Kearney , freebsd-questions-en References: <20040901153209.4064d9e8@eric.placeverte.home> <4135E2E7.6050607@bah.homeip.net> <20040901235151.8496.LUKEK@meibin.net> <20040901232125.3b741b9c@eric.placeverte.home> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="J/dobhs11T7y2rNN" Content-Disposition: inline In-Reply-To: <20040901232125.3b741b9c@eric.placeverte.home> User-Agent: Mutt/1.4.2.1i X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-1.5.6 (smtp.infracaninophile.co.uk [IPv6:::1]); Thu, 02 Sep 2004 07:37:24 +0100 (BST) X-Virus-Scanned: clamd / ClamAV version devel-20040705, clamav-milter version 0.74a on smtp.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, hits=-4.8 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=2.64 X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on happy-idiot-talk.infracaninophile.co.uk cc: freebsd-questions-en Subject: Re: parts of ports X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Sep 2004 06:37:34 -0000 --J/dobhs11T7y2rNN Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Sep 01, 2004 at 11:21:25PM +0200, messmate wrote: > On Wed, 01 Sep 2004 23:54:10 +0900 > Luke Kearney wrote: >=20 > > > >On Wed, 01 Sep 2004 16:55:35 +0200 > >"B.Hansson" spake thus: > >> messmate skrev: > >> > is there a way to install only parts of the ports tree to set=20 > >> > them up ? The ports tree takes 237M up :( > >> Yes. tar -zxvf ports.tar.gz path/to/port/you/want/to/install > >> That's how I did it. See to it that you have Mk, Templates and such=20 > >> directorys in your /usr/ports dir. > Why is it so insecure have the ports installed ? > When downloading (cvs) i presume ? In general it's not particularly insecure to have the ports tree, or bits of it, installed. However the OP was talking about building a highly secure firewall type system. The idea is to avoid giving an attacker a really handy way of installing any extra software they might want. Not that is makes a huge amount of difference, as when an attacker has achieved that degree of control over the machine, basically all is already lost. Presumably they'll just upload whatever packages they want. In the end, it's a matter of personal preference and the availability of disk space whether you install the ports or not. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK --J/dobhs11T7y2rNN Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFBNr+iiD657aJF7eIRAoaUAJ9XRc9VwEDXsCWqn8+LZt/tpm0jTACdFyhq vwuu9qKnSAeno9PVtZ4rZZk= =6VKA -----END PGP SIGNATURE----- --J/dobhs11T7y2rNN--