Date: Sat, 25 May 2002 14:44:55 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Jean-Yves Lefort <jylefort@brutele.be>
Cc: Questions <freebsd-questions@FreeBSD.ORG>
Subject: Re: Building ports as a non priviledged user
Message-ID: <20020525144454.B61075@xor.obsecurity.org>
In-Reply-To: <20020525225808.08ac014c.jylefort@brutele.be>; from jylefort@brutele.be on Sat, May 25, 2002 at 10:58:08PM +0200
References: <20020525225808.08ac014c.jylefort@brutele.be>

On Sat, May 25, 2002 at 10:58:08PM +0200, Jean-Yves Lefort wrote:
> Hi,
>
> A backdoor has been found in Irssi's configure script. It compiled a
> little C program which connected to some host and spawned a shell.
>
> Since FreeBSD ports are built as root by default, the attacker would
> have gained a rootshell, instead of a non-privileged shell.
>
> Is there a way to build FreeBSD ports using a non-privileged account,
> and only install them as root?

A moment's thought will reveal that this actually wouldn't provide extra
security, because the backdoor could just do the bad thing at
install-time. You can do it if you want to though -- it should just
work, assuming you have the permissions set up properly.

Kris
