Date: Mon, 12 Nov 2007 21:09:20 +0100 From: Stefan Sperling <stsp@stsp.name> To: Garrett Cooper <youshi10@u.washington.edu> Cc: ports@freebsd.org Subject: Re: [PATCH] portmaster with SU_CMD Message-ID: <20071112200920.GB639@jack.stsp.lan> In-Reply-To: <47389A53.20207@u.washington.edu> References: <20071112142839.9B6095DC5@gregtx.cliq.com> <47389A53.20207@u.washington.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
--mojUlQ0s9EVzWg2t Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Nov 12, 2007 at 10:24:19AM -0800, Garrett Cooper wrote: > Greg Minshall wrote: >> i'd add my two cents for being able to do builds without running as root. > > Building as non-root user and then installing as root has its caveats = I=20 > would think.. > > Pro: > - Compiling as a non-root user and then installing as root reduces the=20 > security risk of a possible exploit in the portmaster / base system=20 > infrastructure. I myself am not hoping that not compiling as root will save my system from being cracked by Mr. Malicious, and I would not advise anyone to believe in such illusions. Think about it, make install is still vulnerable :) Compiling ports as non-root simply follows from the principle of least authority. I hope it will save me from bugs in some makefile or configure script touching files on my system it should not be touching. I could do it with portupgrade, it never hurt, now I can do it with portmaster, too. > Con: > - People with sufficient permissions (possibly caused by bad umask=20 > settings) but without root access, can modify the binaries / recompile=20 > files to suit their needs prior to them being installed as root Indeed. Of course, on a multiuser system you should take proper precautions before using portmaster with -S. I'd like to stress again that the patch does not stop anyone =66rom simply running portmaster entirely as root if desired. It's just like the -s switch portupgrade has had for ages. I wonder if there was a similar discussion about that switch when it was first introduced... --=20 stefan http://stsp.name PGP Key: 0xF59D25F0 --mojUlQ0s9EVzWg2t Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (OpenBSD) iD8DBQFHOLLw5dMCc/WdJfARAm0oAKDOZXqp3Gc1GdHpZxd4eBM6bIfYzQCg0mgK s/odiHgT9C29I+H5HY0WuQo= =ByzR -----END PGP SIGNATURE----- --mojUlQ0s9EVzWg2t--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071112200920.GB639>