Date: Wed, 9 Oct 2002 12:52:24 -0700
From: Kris Kennaway
To: Edwin Groothuis
Cc: freebsd-ports@freebsd.org
Subject: Re: A less exploit vulnerable ports building environment
Message-ID: <20021009195224.GA90601@xor.obsecurity.org>
In-Reply-To: <20021009065757.GA7253@k7.mavetju>

On Wed, Oct 09, 2002 at 04:57:57PM +1000, Edwin Groothuis wrote:
> Greetings,
>
> About two months ago it was the OpenSSH distribution which was
> trojaned, today it is the Sendmail distribution. Hopefully the 4.7
> CD will have the right source-tarball. Anyway, my story.

Yes, this was never a problem (either case) because of the md5 sum in
distinfo.

> What can be done to the FreeBSD port-system to prevent malicious[sp]
> code to be run as root? Right now, everything without the ports-system
> is running as root. Is this required? yes and no. Is it safe? yes
> and no. Can it be reduced? yes.
>
> Is it required to run make as root? For certain parts it is, especially
> the (un)install-part. For the rest it is not needed.

OpenBSD put a lot of work into making their packages
buildable/installable as non-root. It's a lot of work, but can be done
incrementally. Have you looked into how they go about it?

As you note, this only has limited benefits if you intend to
install/run the ports as a privileged user, but it can mitigate a
certain class of scenarios. I'd be prepared to support such an effort
though.

Kris
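The distinfo check Kris refers to, as an added example that is not part of the original thread: a small Python verifier that parses distinfo-style lines ("ALGO (file) = value", with MD5, SHA256 and SIZE entries) and refuses a distfile whose recorded size or digest does not match, which is what catches a swapped tarball before the build runs. The distfile name and tarball bytes are constructed placeholders, not a real release.

```python
import hashlib
import re
from typing import Dict, Tuple

# One distinfo line: "<ALGO> (<distfile>) = <value>".
_LINE = re.compile(r"^(MD5|SHA256|SIZE) \((.+?)\) = (\S+)$")


def parse_distinfo(text: str) -> Dict[str, Dict[str, str]]:
    """Map each distfile name to its {ALGO: expected value} entries."""
    entries: Dict[str, Dict[str, str]] = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            algo, name, value = m.groups()
            entries.setdefault(name, {})[algo] = value
    return entries


def verify_distfile(name: str, data: bytes,
                    distinfo: Dict[str, Dict[str, str]]) -> Tuple[bool, str]:
    """Return (ok, reason). Every recorded check must pass; an unlisted
    distfile is rejected rather than trusted by default."""
    expected = distinfo.get(name)
    if not expected:
        return False, f"{name}: no distinfo entry, refusing to build"
    if "SIZE" in expected and int(expected["SIZE"]) != len(data):
        return False, f"{name}: SIZE mismatch ({len(data)} bytes)"
    for algo, fn in (("MD5", hashlib.md5), ("SHA256", hashlib.sha256)):
        if algo in expected:
            actual = fn(data).hexdigest()
            if actual != expected[algo]:
                return False, f"{name}: {algo} mismatch (got {actual})"
    return True, f"{name}: checksums match"


# Constructed sample data: a placeholder "tarball" and the distinfo that
# was recorded for it when the port was committed.
DISTFILE = "sendmail-example.tar.gz"  # placeholder name
GOOD_TARBALL = b"placeholder sendmail source tarball\n"
DISTINFO = parse_distinfo(
    f"MD5 ({DISTFILE}) = {hashlib.md5(GOOD_TARBALL).hexdigest()}\n"
    f"SHA256 ({DISTFILE}) = {hashlib.sha256(GOOD_TARBALL).hexdigest()}\n"
    f"SIZE ({DISTFILE}) = {len(GOOD_TARBALL)}\n"
)
# Two ways a replaced distfile can differ: extra bytes, or same length
# with altered content (only the digest catches the second).
GROWN_TARBALL = GOOD_TARBALL + b"<unexpected extra bytes>\n"
SAME_SIZE_TARBALL = b"P" + GOOD_TARBALL[1:]
```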