Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 4 May 2000 17:00:54 +0200
From:      Neil Blakey-Milner <nbm@mithrandr.moria.org>
To:        Nick Hibma <n_hibma@calcaphon.com>
Cc:        freebsd-bugs@FreeBSD.org
Subject:   Re: bin/18373: pkg_delete shouldn't insist on root
Message-ID:  <20000504170054.A21029@mithrandr.moria.org>
In-Reply-To: <200005041450.HAA76440@freefall.freebsd.org>; from n_hibma@calcaphon.com on Thu, May 04, 2000 at 07:50:03AM -0700
References:  <200005041450.HAA76440@freefall.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Thu 2000-05-04 (07:50), Nick Hibma wrote:
> The following reply was made to PR bin/18373; it has been noted by GNATS.
> 
> From: Nick Hibma <n_hibma@calcaphon.com>
> To: Ben Smithurst <ben@scientia.demon.co.uk>
> Cc: FreeBSD-gnats-submit@freebsd.org
> Subject: Re: bin/18373: pkg_delete shouldn't insist on root
> Date: Thu, 4 May 2000 15:46:15 +0100 (BST)
> 
>  > It is rather inconvenient that pkg_delete(1) requires the calling user
>  > to be root, as this makes testing a port you have created hard (it
>  > seems you have to be root to allow "make deinstall" do anything).  This
>  > restriction seems unnecessary, and removing it certainly can't be a
>  > security risk.
>  
>  Example: libmm (used by a webserver) could then be deleted and the
>  webserver being brought down.

Err, without having root?  I'd love to see a non-root process delete
things it doesn't have permissions for.  This is for packages installed
by yourself, owned by you, in your own package directory.

>  It _is_ a security risk.

I don't think so, unless I missed something huge.

Neil
-- 
Neil Blakey-Milner
Hacker In Chief, Sunesi Clinical Systems
nbm@mithrandr.moria.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000504170054.A21029>