Date: Fri, 23 Nov 2001 03:42:56 -0600 From: Bill Fumerola <billf@mu.org> To: Anthony Atkielski <anthony@freebie.atkielski.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: setuid on nethack? Message-ID: <20011123034256.V81711@elvis.mu.org> In-Reply-To: <03a801c17399$ba011c30$0a00000a@atkielski.com>; from anthony@freebie.atkielski.com on Thu, Nov 22, 2001 at 10:07:42PM %2B0100 References: <014201c17336$40653f90$0a00000a@atkielski.com><20011122112415.B855@straylight.oblivion.bg><016001c17338$37d65240$0a00000a@atkielski.com><20011122114813.C855@straylight.oblivion.bg><016601c1733d$7a516b00$0a00000a@atkielski.com> <g2vgg2v7vn.gg2@localhost.localdomain> <03a801c17399$ba011c30$0a00000a@atkielski.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[ removing x-post to -questions ] On Thu, Nov 22, 2001 at 10:07:42PM +0100, Anthony Atkielski wrote: > Alas! This does not make me feel warm and fuzzy! It's a good thing I'm not > installing this at a bank. good thing, indeed! if you were installing this at a bank you would clearly be underqualified to understand how to evaluate 3rd party software and the bank would have a made a huge mistake in assigning you the task. the freebsd project provides the ports tree as a build infrastructure, not as a blessed software repository. while freebsd's ports committers and security officer are very quick to respond to security fixes, often quicker then the software author(s); it would be impossible to audit 6000+ moving targets worth of install scripts and make glue. the post you responded to even pointed out that you can build the software as a normal user. only install as root, if you're truely paranoid you only have to examine the install stage for all those secret backdoors. if you still don't feel warm and fuzzy, consider codine. -- - bill fumerola / fumerola@yahoo-inc.com / billf@FreeBSD.org / billf@mu.org - my anger management counselor can beat up your self-affirmation therapist To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011123034256.V81711>