Date: 22 Nov 2001 13:00:12 -0800 From: swear@blarg.net (Gary W. Swearingen) To: "Anthony Atkielski" <anthony@freebie.atkielski.com> Cc: "FreeBSD Questions" <freebsd-questions@FreeBSD.ORG>, <freebsd-security@FreeBSD.ORG> Subject: Re: setuid on nethack? Message-ID: <g2vgg2v7vn.gg2@localhost.localdomain> In-Reply-To: <016601c1733d$7a516b00$0a00000a@atkielski.com> References: <014201c17336$40653f90$0a00000a@atkielski.com> <20011122112415.B855@straylight.oblivion.bg> <016001c17338$37d65240$0a00000a@atkielski.com> <20011122114813.C855@straylight.oblivion.bg> <016601c1733d$7a516b00$0a00000a@atkielski.com>
next in thread | previous in thread | raw e-mail | index | archive | help
"Anthony Atkielski" <anthony@freebie.atkielski.com> writes: > When I add ports and stuff to my system, sometimes they are picked up from some > bizarre FTP sites, and in cases where the executables do not have to be trusted, > some guidelines on how better to secure them would be welcome. I know that > often they are being rebuilt from source before installation, but it isn't > really practical to read through the source for every port just to look for > suspicious code. I've also worried about this sort of thing since learning the ports system last winter. There's a lot of downloading and running of scripts as root going on and it's scary, especially after you've spent many days tring to improve your security. A few more observations on the subject: The main defense seems to be the fear of being tracked down by hackers more skillful than most crackers, aided by the use of MD5 to verify that you're installing the same thing that someone else has already installed and found (with meager testing, sadly, but necessarily) to work OK. I've read of little vandalware on FreeBSD (or Linux). The risk seems acceptable for most people, at least those who do backups. There also might not be any less risky practical alternatives for many. If one learns the details of the ports system, one can do all or most of the ports stuff as a regular user, downloading, building, and installing to non-standard, non-root-protected directories. Someone posted some clues about this on -questions (or -stable?) withing the last couple of weeks, but I can't find my copy of it. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?g2vgg2v7vn.gg2>