Date: Thu, 22 Nov 2001 22:07:42 +0100
From: "Anthony Atkielski" <anthony@freebie.atkielski.com>
To: "Gary W. Swearingen" <swear@blarg.net>
Cc: "FreeBSD Questions" <freebsd-questions@FreeBSD.ORG>, <freebsd-security@FreeBSD.ORG>
Subject: Re: setuid on nethack?
Message-ID: <03a801c17399$ba011c30$0a00000a@atkielski.com>
References: <014201c17336$40653f90$0a00000a@atkielski.com> <20011122112415.B855@straylight.oblivion.bg> <016001c17338$37d65240$0a00000a@atkielski.com> <20011122114813.C855@straylight.oblivion.bg> <016601c1733d$7a516b00$0a00000a@atkielski.com> <g2vgg2v7vn.gg2@localhost.localdomain>

Alas! This does not make me feel warm and fuzzy! It's a good thing I'm not
installing this at a bank.

----- Original Message -----
From: "Gary W. Swearingen" <swear@blarg.net>
To: "Anthony Atkielski" <anthony@freebie.atkielski.com>
Cc: "FreeBSD Questions" <freebsd-questions@FreeBSD.ORG>; <freebsd-security@FreeBSD.ORG>
Sent: Thursday, November 22, 2001 22:00
Subject: Re: setuid on nethack?

> "Anthony Atkielski" <anthony@freebie.atkielski.com> writes:
>
> > When I add ports and stuff to my system, sometimes they are picked up from some
> > bizarre FTP sites, and in cases where the executables do not have to be trusted,
> > some guidelines on how better to secure them would be welcome. I know that
> > often they are being rebuilt from source before installation, but it isn't
> > really practical to read through the source for every port just to look for
> > suspicious code.
>
> I've also worried about this sort of thing since learning the ports
> system last winter. There's a lot of downloading and running of scripts
> as root going on and it's scary, especially after you've spent many days
> trying to improve your security. A few more observations on the subject:
>
> The main defense seems to be the fear of being tracked down by hackers
> more skillful than most crackers, aided by the use of MD5 to verify that
> you're installing the same thing that someone else has already installed
> and found (with meager testing, sadly, but necessarily) to work OK.
>
> I've read of little vandalware on FreeBSD (or Linux). The risk seems
> acceptable for most people, at least those who do backups. There also
> might not be any less risky practical alternatives for many.
>
> If one learns the details of the ports system, one can do all or most of
> the ports stuff as a regular user, downloading, building, and installing
> to non-standard, non-root-protected directories. Someone posted some
> clues about this on -questions (or -stable?) within the last couple of
> weeks, but I can't find my copy of it.