From owner-freebsd-security Thu Nov 22 13: 8: 2 2001 Delivered-To: freebsd-security@freebsd.org Received: from freebie.atkielski.com (ASt-Lambert-101-2-1-14.abo.wanadoo.fr [193.251.59.14]) by hub.freebsd.org (Postfix) with ESMTP id 307F237B405; Thu, 22 Nov 2001 13:07:52 -0800 (PST) Received: from contactdish (win.atkielski.com [10.0.0.10]) by freebie.atkielski.com (8.11.3/8.11.3) with SMTP id fAML7gJ01176; Thu, 22 Nov 2001 22:07:42 +0100 (CET) (envelope-from anthony@freebie.atkielski.com) Message-ID: <03a801c17399$ba011c30$0a00000a@atkielski.com> From: "Anthony Atkielski" To: "Gary W. Swearingen" Cc: "FreeBSD Questions" , References: <014201c17336$40653f90$0a00000a@atkielski.com><20011122112415.B855@straylight.oblivion.bg><016001c17338$37d65240$0a00000a@atkielski.com><20011122114813.C855@straylight.oblivion.bg><016601c1733d$7a516b00$0a00000a@atkielski.com> Subject: Re: setuid on nethack? Date: Thu, 22 Nov 2001 22:07:42 +0100 Organization: Anthony's Home Page (development site) MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Alas! This does not make me feel warm and fuzzy! It's a good thing I'm not installing this at a bank. ----- Original Message ----- From: "Gary W. Swearingen" To: "Anthony Atkielski" Cc: "FreeBSD Questions" ; Sent: Thursday, November 22, 2001 22:00 Subject: Re: setuid on nethack? > "Anthony Atkielski" writes: > > > When I add ports and stuff to my system, sometimes they are picked up from some > > bizarre FTP sites, and in cases where the executables do not have to be trusted, > > some guidelines on how better to secure them would be welcome. I know that > > often they are being rebuilt from source before installation, but it isn't > > really practical to read through the source for every port just to look for > > suspicious code. > > I've also worried about this sort of thing since learning the ports > system last winter. There's a lot of downloading and running of scripts > as root going on and it's scary, especially after you've spent many days > tring to improve your security. A few more observations on the subject: > > The main defense seems to be the fear of being tracked down by hackers > more skillful than most crackers, aided by the use of MD5 to verify that > you're installing the same thing that someone else has already installed > and found (with meager testing, sadly, but necessarily) to work OK. > > I've read of little vandalware on FreeBSD (or Linux). The risk seems > acceptable for most people, at least those who do backups. There also > might not be any less risky practical alternatives for many. > > If one learns the details of the ports system, one can do all or most of > the ports stuff as a regular user, downloading, building, and installing > to non-standard, non-root-protected directories. Someone posted some > clues about this on -questions (or -stable?) withing the last couple of > weeks, but I can't find my copy of it. > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message