Date: Sat, 25 May 2002 14:44:55 -0700 From: Kris Kennaway <kris@obsecurity.org> To: Jean-Yves Lefort <jylefort@brutele.be> Cc: Questions <freebsd-questions@FreeBSD.ORG> Subject: Re: Building ports as a non priviledged user Message-ID: <20020525144454.B61075@xor.obsecurity.org> In-Reply-To: <20020525225808.08ac014c.jylefort@brutele.be>; from jylefort@brutele.be on Sat, May 25, 2002 at 10:58:08PM %2B0200 References: <20020525225808.08ac014c.jylefort@brutele.be>
next in thread | previous in thread | raw e-mail | index | archive | help
--uQr8t48UFsdbeI+V Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, May 25, 2002 at 10:58:08PM +0200, Jean-Yves Lefort wrote: > Hi, >=20 > A backdoor has been found in Irssi's configure script. It compiled a > little C program which connected to some host and spawned a shell. >=20 > Since FreeBSD ports are built as root by default, the attacker would > have gained a rootshell, instead of a non-priviledged shell. >=20 > Is there a way to build FreeBSD ports using a non-priviledged account, > and only install them as root? A moment's thought will reveal that this actually wouldn't provide extra security, because the backdoor could just do the bad thing at install-time. You can do it if you want to though -- it should just work, assuming you have the permissions set up properly. Kris --uQr8t48UFsdbeI+V Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE88AXWWry0BWjoQKURAp15AJ42xyUIFiFSrYo0UTcqJlai1qPRuACfbZWs ek4VsSuS+BFhuOfc7wbEDjg= =sxVQ -----END PGP SIGNATURE----- --uQr8t48UFsdbeI+V-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020525144454.B61075>