From owner-freebsd-security Fri Nov 23 1:42:59 2001
Delivered-To: freebsd-security@freebsd.org
Received: from elvis.mu.org (elvis.mu.org [216.33.66.196])
    by hub.freebsd.org (Postfix) with ESMTP id F216937B416
    for ; Fri, 23 Nov 2001 01:42:56 -0800 (PST)
Received: by elvis.mu.org (Postfix, from userid 1098)
    id C9B7081D14; Fri, 23 Nov 2001 03:42:56 -0600 (CST)
Date: Fri, 23 Nov 2001 03:42:56 -0600
From: Bill Fumerola
To: Anthony Atkielski
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: setuid on nethack?
Message-ID: <20011123034256.V81711@elvis.mu.org>
References: <014201c17336$40653f90$0a00000a@atkielski.com>
    <20011122112415.B855@straylight.oblivion.bg>
    <016001c17338$37d65240$0a00000a@atkielski.com>
    <20011122114813.C855@straylight.oblivion.bg>
    <016601c1733d$7a516b00$0a00000a@atkielski.com>
    <03a801c17399$ba011c30$0a00000a@atkielski.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <03a801c17399$ba011c30$0a00000a@atkielski.com>; from anthony@freebie.atkielski.com on Thu, Nov 22, 2001 at 10:07:42PM +0100
X-Operating-System: FreeBSD 4.4-FEARSOME-20010909 i386
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

[ removing x-post to -questions ]

On Thu, Nov 22, 2001 at 10:07:42PM +0100, Anthony Atkielski wrote:

> Alas! This does not make me feel warm and fuzzy! It's a good thing I'm not
> installing this at a bank.

good thing, indeed! if you were installing this at a bank you would clearly be underqualified to understand how to evaluate 3rd party software and the bank would have made a huge mistake in assigning you the task.

the freebsd project provides the ports tree as a build infrastructure, not as a blessed software repository.
while freebsd's ports committers and security officer are very quick to respond to security fixes, often quicker than the software author(s); it would be impossible to audit 6000+ moving targets worth of install scripts and make glue.

the post you responded to even pointed out that you can build the software as a normal user. only install as root, if you're truly paranoid you only have to examine the install stage for all those secret backdoors.

if you still don't feel warm and fuzzy, consider codeine.

-- 
- bill fumerola / fumerola@yahoo-inc.com / billf@FreeBSD.org / billf@mu.org
- my anger management counselor can beat up your self-affirmation therapist