Date: Thu, 10 Oct 2002 01:13:15 +0000 (UTC)
From: naddy@mips.inka.de (Christian Weisgerber)
To: freebsd-ports@freebsd.org
Subject: Re: A less exploit vulnerable ports building environment
Message-ID: <ao2k7b$2lv2$1@kemoauc.mips.inka.de>
References: <20021009065757.GA7253@k7.mavetju> <20021009195224.GA90601@xor.obsecurity.org>

Kris Kennaway <kris@obsecurity.org> wrote:

> OpenBSD put a lot of work into making their packages
> buildable/installable as non-root.

Not quite. The configure/build steps can be run as a normal user,
but the installation into the fake root requires superuser privileges.
The fake root contents are then tar'ed up into a package. Installing
the package also requires root.

The advantages to this approach are that the installation into the
fake root doesn't affect the running system, and that package
production is an integral part of the process and not a neglected
additional step.

The gain in security is rather less pronounced. (Put your trojan
into the Makefile install target, rather than into configure.)

-- 
Christian "naddy" Weisgerber                          naddy@mips.inka.de