From: Stefan Sperling
To: Garrett Cooper
Cc: ports@freebsd.org
Date: Mon, 12 Nov 2007 21:09:20 +0100
Subject: Re: [PATCH] portmaster with SU_CMD

On Mon, Nov 12, 2007 at 10:24:19AM -0800, Garrett Cooper wrote:
> Greg Minshall wrote:
>> i'd add my two cents for being able to do builds without running as root.
>
> Building as non-root user and then installing as root has its caveats I
> would think..
>
> Pro:
> - Compiling as a non-root user and then installing as root reduces the
> security risk of a possible exploit in the portmaster / base system
> infrastructure.

I myself am not hoping that not compiling as root will save my system
from being cracked by Mr. Malicious, and I would not advise anyone
to believe in such illusions. Think about it, make install is still
vulnerable :)

Compiling ports as non-root simply follows from the principle of
least authority. I hope it will save me from bugs in some makefile
or configure script touching files on my system it should not be
touching. I could do it with portupgrade, it never hurt, now I can
do it with portmaster, too.

> Con:
> - People with sufficient permissions (possibly caused by bad umask
> settings) but without root access, can modify the binaries / recompile
> files to suit their needs prior to them being installed as root

Indeed. Of course, on a multiuser system you should take proper
precautions before using portmaster with -S.

I'd like to stress again that the patch does not stop anyone
from simply running portmaster entirely as root if desired.

It's just like the -s switch portupgrade has had for ages.
I wonder if there was a similar discussion about that switch
when it was first introduced...

-- 
stefan
http://stsp.name                                         PGP Key: 0xF59D25F0
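
One form the "proper precautions" on a multiuser system could take, as an added example that is not part of the original message or of portmaster: a pre-install audit that flags build outputs another local user could have modified. The function names, the owner default and the placeholder path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): audit a ports build tree that
# was compiled as an unprivileged user before anything in it is installed as root.

# audit_build_tree DIR [OWNER_UID]
# Prints every non-symlink entry under DIR that is group-writable,
# world-writable, or not owned by OWNER_UID (assumed default: the caller).
# Returns 0 when the tree is clean, 1 on findings, 2 on a bad argument.
audit_build_tree() {
    dir=$1
    owner=${2:-$(id -u)}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    findings=$(find "$dir" ! -type l \
        \( -perm -020 -o -perm -002 -o ! -user "$owner" \) -print)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# umask_is_safe
# True when the current umask clears both the group and other write bits
# (octal 022), so new build outputs are writable by their owner only.
umask_is_safe() {
    m=$(umask)
    [ $(( 0$m & 022 )) -eq 18 ]   # 18 decimal == 022 octal
}

# Typical use before the privileged install step (path is a placeholder):
#   umask_is_safe && audit_build_tree /path/to/workdir || echo "do not install"
```

The audit covers only entries under DIR; a writable parent directory would still let another user replace the whole tree.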