Date: Thu, 3 Jan 2008 17:49:39 -0800
From: Jo Rhett <jrhett@svcolo.com>
To: Garrett Cooper <youshi10@u.washington.edu>
Cc: ports@freebsd.org
Subject: Re: [PATCH] portmaster with SU_CMD
Message-ID: <463AB85D-AFC9-4BFF-848F-651CE58A6F15@svcolo.com>
In-Reply-To: <47389A53.20207@u.washington.edu>
References: <20071112142839.9B6095DC5@gregtx.cliq.com> <47389A53.20207@u.washington.edu>
I'm sorry, Garrett. I don't follow your logic. Installing as root can
leave holes, so instead you should build AND install as root? Where
exactly is this more secure?

On Nov 12, 2007, at 10:24 AM, Garrett Cooper wrote:
> Greg Minshall wrote:
>> i'd add my two cents for being able to do builds without running
>> as root.
>
> Building as non-root user and then installing as root has its
> caveats I would think..
>
> Pro:
> - Compiling as a non-root user and then installing as root reduces
> the security risk of a possible exploit in the portmaster / base
> system infrastructure.
>
> Con:
> - People with sufficient permissions (possibly caused by bad umask
> settings) but without root access, can modify the binaries /
> recompile files to suit their needs prior to them being installed
> as root (say modify the source's logic to suit one's needs, i.e.
> skip a critical step or install a hardcoded backdoor). Don't think
> that this isn't a problem because many ports take a long time to
> compile, and as such there are plenty of chances to inject whatever
> code one wants so that it's installed.
> - The same goes for reinstalls, because if I knew that a user
> didn't clean out their compiled sources (don't remember if
> portmaster does this; portupgrade / portinstall do this though),
> and someone recompiled a portion of the binaries and the
> maintaining user didn't check that the binaries had been untouched
> since the last compile / install, they would be in serious trouble.
>
> It's not entirely likely but given some people's resources and
> knowledge, and if they were either rubbed the wrong way, or wanted
> to make sure they had access to the machine at all times, this
> would definitely be a potential issue.
>
> Personally, I don't really care either way because no one has
> access to my machines, either locally or remotely, but I would
> think that these are issues to consider before going all gung ho
> with this patch.
>
> Sometimes you gotta think as a system cracker (consider security
> faults), before you start thinking like a hacker (trying to fix
> things).
>
> -Garrett
> _______________________________________________
> freebsd-ports@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to "freebsd-ports-unsubscribe@freebsd.org"

--
Jo Rhett
senior geek
Silicon Valley Colocation
Support Phone: 408-400-0550
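
The concern in the quoted message, that a work tree built without root can be altered before root installs from it, can be checked mechanically. The script below is an added example, not part of this thread or of portmaster; the function names and the root-owned manifest location are assumptions, and it only covers the window between the snapshot and the install.

```shell
#!/bin/sh
# Added example: tamper check for a port work tree between build and install.
# Assumption: root writes the manifest to a root-owned path outside the tree;
# a manifest the build user can rewrite proves nothing.

hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        sha256 -q "$1"          # FreeBSD base system digest tool
    fi
}

# snapshot TREE: one "digest  ./path" line per regular file, in stable order.
snapshot() {
    ( cd "$1" || exit 1
      find . -type f | LC_ALL=C sort | while IFS= read -r f; do
          printf '%s  %s\n' "$(hash_file "$f")" "$f"
      done )
}

# loose_perms TREE: paths that group or other can write (the "bad umask" case).
loose_perms() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
}

# verify_tree TREE MANIFEST: returns 0 only if no regular file was added,
# removed or changed since the snapshot and nothing is group/other-writable.
verify_tree() {
    rc=0
    now=$(mktemp) || return 2
    snapshot "$1" > "$now"
    if ! diff "$2" "$now" >&2; then
        echo "verify_tree: contents differ from manifest" >&2; rc=1
    fi
    rm -f "$now"
    if [ -n "$(loose_perms "$1")" ]; then
        echo "verify_tree: group/other-writable paths present" >&2; rc=1
    fi
    return "$rc"
}

# Command-line use: "snapshot TREE" prints a manifest, "verify TREE MANIFEST" checks it.
case "${1:-}" in
    snapshot) snapshot "$2" ;;
    verify)   verify_tree "$2" "$3" ;;
esac
```

Run `snapshot` as root when the build finishes and `verify` immediately before the install step; a non-zero exit means the tree should be cleaned and rebuilt rather than installed.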