From: Garrett Cooper
Date: Mon, 12 Nov 2007 10:24:19 -0800
To: Greg Minshall
Cc: ports@freebsd.org, Doug Barton, Stefan Sperling
Subject: Re: [PATCH] portmaster with SU_CMD
Message-ID: <47389A53.20207@u.washington.edu>
In-Reply-To: <20071112142839.9B6095DC5@gregtx.cliq.com>
List-Id: Porting software to FreeBSD

Greg Minshall wrote:
> i'd add my two cents for being able to do builds without running as root.

Building as non-root user and then installing as root has its caveats I
would think..

Pro:
- Compiling as a non-root user and then installing as root reduces the
  security risk of a possible exploit in the portmaster / base system
  infrastructure.

Con:
- People with sufficient permissions (possibly caused by bad umask
  settings) but without root access, can modify the binaries / recompile
  files to suit their needs prior to them being installed as root (say
  modify the source's logic to suit one's needs, i.e. skip a critical step
  or install a hardcoded backdoor). Don't think that this isn't a problem
  because many ports take a long time to compile, and as such there are
  plenty of chances to inject whatever code one wants so that it's
  installed.
- The same goes for reinstalls, because if I knew that a user didn't clean
  out their compiled sources (don't remember if portmaster does this;
  portupgrade / portinstall do this though), and someone recompiled a
  portion of the binaries and the maintaining user didn't check that the
  binaries had been untouched since the last compile / install, they would
  be in serious trouble. It's not entirely likely but given some people's
  resources and knowledge, and if they were either rubbed the wrong way, or
  wanted to make sure they had access to the machine at all times, this
  would definitely be a potential issue.

Personally, I don't really care either way because no one has access to my
machines, either locally or remotely, but I would think that these are
issues to consider before going all gung ho with this patch. Sometimes you
gotta think as a system cracker (consider security faults), before you
start thinking like a hacker (trying to fix things).

-Garrett
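
The check described in the message above (confirming that the build tree was untouched between the non-root compile and the root install), as an added example that is not part of the original message or of portmaster. It flags work-directory entries that are group/world writable or not owned by the build user, and compares SHA-256 digests against a manifest taken right after the build; the function names and the constructed sample tree are assumptions.

```python
# Added example; function names are illustrative and not part of portmaster.
import hashlib
import os
import stat
import tempfile

def audit_tree(root, build_uid):
    """Return (path, reason) pairs for entries another local user could have altered."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits say nothing about who can edit it
            if st.st_uid != build_uid:
                findings.append((path, "not owned by build user"))
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((path, "group/world writable"))
    return findings

def snapshot(root):
    """Map each regular file (path relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            path = os.path.join(dirpath, f)
            if os.path.isfile(path) and not os.path.islink(path):
                with open(path, "rb") as fh:
                    digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def changed_since(root, manifest):
    """Return sorted relative paths added, removed or modified since the manifest."""
    now = snapshot(root)
    return sorted(p for p in manifest.keys() | now.keys() if manifest.get(p) != now.get(p))

def demo():
    """Constructed work directory: 'prog' is loosened and rewritten after the build."""
    with tempfile.TemporaryDirectory() as work:
        for name in ("prog", "lib.so"):
            with open(os.path.join(work, name), "wb") as fh:
                fh.write(b"built " + name.encode())
            os.chmod(os.path.join(work, name), 0o755)
        manifest = snapshot(work)  # keep this outside the tree, writable only by the build user
        prog = os.path.join(work, "prog")
        os.chmod(prog, 0o777)
        with open(prog, "ab") as fh:
            fh.write(b" + later edit")
        flagged = [(os.path.relpath(p, work), why) for p, why in audit_tree(work, os.geteuid())]
        return flagged, changed_since(work, manifest)
```

The manifest only helps if it is stored where other local users cannot write, and the check does not close the window between verification and the install step itself.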