From owner-freebsd-ports@FreeBSD.ORG Mon Oct 7 12:52:33 2013 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 3F5B2640 for ; Mon, 7 Oct 2013 12:52:33 +0000 (UTC) (envelope-from mexas@bristol.ac.uk) Received: from eu1sys200aog117.obsmtp.com (eu1sys200aog117.obsmtp.com [207.126.144.143]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 95B43212E for ; Mon, 7 Oct 2013 12:52:32 +0000 (UTC) Received: from mail-we0-f181.google.com ([74.125.82.181]) (using TLSv1) by eu1sys200aob117.postini.com ([207.126.147.11]) with SMTP ID DSNKUlKuevn2Vma80ZBbXvtKltPD+mdvqsH4@postini.com; Mon, 07 Oct 2013 12:52:32 UTC Received: by mail-we0-f181.google.com with SMTP id t60so1404373wes.40 for ; Mon, 07 Oct 2013 05:52:10 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:sender:date:from:message-id:to:subject:reply-to :in-reply-to; bh=R1CKtOdF1Joh11SmTO5S+MtxiS1LmRzGx/o/ENTQaV4=; b=X0lh+dls8zTwnu5XSJOpxxj4GkfJ9o5oCOOCYeMzW8IFVXVFFRpwyNkCl1tewTh9v8 0BhCHRRsC/brcc9N17u7NW0wlWcHYkq9XjrY5JXk1gLMm5wOrPuN7ZJEhfoEhEWNc624 OomgWknRZI5Dvvn+3eOW01EEdoE0Y1+QMi5X5EwCUUTric3Yy5TJz/5JFmL+n3MCygam dBO9dgQxFfMH2y8LsszrGpp2VoMiWH7aZLgTQD+h8AP7uRF9qUksRZx4YEfoAxcttgm7 FKnnaoMNqrt6Pna/2+0+dn/dj2uU15wHU9KKJwX+7wTFGYizOJ2+nh7qGYAFqQojSewS 4n4w== X-Gm-Message-State: ALoCoQlmsz1jPJdRaMIX9Xzv5NUwPOsvbUd0yM+IibCYnxpns3MgEIrxwmE2CpBOIdb8O+Fjj90oROEHM+YDUzfg3WAN0U3+6mAAPaAxryJb6NfFu0YLAX4B1tSuaD40LhFVqXYnEZmni6A/LJQWn0wY9sHnmu557h+otJ0bv+6/Jw9eHbO0f1M= X-Received: by 10.194.104.71 with SMTP id gc7mr1774960wjb.45.1381150330548; Mon, 07 Oct 2013 05:52:10 -0700 (PDT) X-Received: by 10.194.104.71 with SMTP id gc7mr1774957wjb.45.1381150330485; Mon, 07 Oct 2013 05:52:10 -0700 (PDT) Received: from mech-cluster241.men.bris.ac.uk (mech-cluster241.men.bris.ac.uk. [137.222.187.241]) by mx.google.com with ESMTPSA id b7sm39089025wiz.8.1969.12.31.16.00.00 (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 07 Oct 2013 05:52:07 -0700 (PDT) Sender: Anton Shterenlikht Received: from mech-cluster241.men.bris.ac.uk (localhost [127.0.0.1]) by mech-cluster241.men.bris.ac.uk (8.14.7/8.14.6) with ESMTP id r97Cq5IY051622 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 7 Oct 2013 13:52:06 +0100 (BST) (envelope-from mexas@mech-cluster241.men.bris.ac.uk) Received: (from mexas@localhost) by mech-cluster241.men.bris.ac.uk (8.14.7/8.14.6/Submit) id r97Cq51N051621; Mon, 7 Oct 2013 13:52:05 +0100 (BST) (envelope-from mexas) Date: Mon, 7 Oct 2013 13:52:05 +0100 (BST) From: Anton Shterenlikht Message-Id: <201310071252.r97Cq51N051621@mech-cluster241.men.bris.ac.uk> To: bsam@passap.ru, freebsd-ports@freebsd.org, m.seaman@infracaninophile.co.uk, mexas@bris.ac.uk Subject: Re: Explain staging In-Reply-To: <5252A04F.1060906@passap.ru> X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: mexas@bris.ac.uk List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Oct 2013 12:52:33 -0000 >From bsam@passap.ru Mon Oct 7 13:36:53 2013 > >07.10.2013 13:23, Anton Shterenlikht пишет: > >> What about "make fetch"? It puts files by default under >> ports/distfiles, which, by default, is 755: >[...] >> What about "make extract"? Same problem: > >I use svn repo owned by a user for ages. When a root rights are needed, >the ports infrastructure asks for the password. I've read a few books on unix security. The typical advice is to assume the user passwords are compromised. If I build and install from a ports tree owned by a user, I increase the chances of comromising the system, if an attacker changes some files in the ports tree, i.e. the URL in the Makefile and the checksum in distinfo. I'll then have to add this worry to my already long list. Anton