Date: Sat, 12 Jan 2002 19:03:38 -0500 From: Alan Eldridge <alane@geeksrus.net> To: Ken Stailey <kstailey@surfbest.net> Cc: FreeBSD Ports List <ports@freebsd.org> Subject: Re: ports/www/mozilla/Makefile Message-ID: <20020113000338.GA69552@wwweasel.geeksrus.net> In-Reply-To: <3C40CD26.7020702@surfbest.net> References: <3C40B663.1000108@surfbest.net> <20020112234802.GB69357@wwweasel.geeksrus.net> <3C40CD26.7020702@surfbest.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Jan 12, 2002 at 06:56:22PM -0500, Ken Stailey wrote:
>Alan Eldridge wrote:
>>The ITS way of doing things also assumes you can trust your users. I
>>am willing to make no such assumption. Those days are gone. I miss them.
>>
>Then why run an PI ITS if you don't like the way things are done there?
You run it in your own space, with your own permissions.
>>Something that requires running as root and modifying files (sharing
>>them between users, even) in the ${PREFIX} tree strikes me as a
>>BMF security problem. A disaster waiting to happen.
>>
>Can the emulator effect things outside of the vm? If not then it's an
>ITS problem not a FreeBSD one.
If the file is world writable, then the vm doesn't have to directly
do anything.
Hell, somebody can just dd a bunch of zeros on top of it to piss you
off.
How *do* multiple users share the emulator?
>The KLH-10 code probably hasn't been audited. I wonder if using setuid
>on just dpimp would be
>dangerous or not.
If you don't know what the code does, then making it setuid root is
highly irresponsible.
--
Alan Eldridge
Pmmfmffmmfmp mmmpppppffmpmfpmpppff PmpMpmMpp ppfppp MpfpffmppmppMmpFmmMpm
mfpmmmmmfpmpmpppff.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020113000338.GA69552>