Date: Tue, 28 May 2002 11:04:29 +0930 (CST) From: tim peters <tim@lost.net.au> To: Jean-Yves Lefort <jylefort@brutele.be> Cc: Questions <freebsd-questions@FreeBSD.ORG> Subject: Re: Building ports as a non priviledged user Message-ID: <20020528110119.V42077-100000@marbles.lost.net.au> In-Reply-To: <20020525225808.08ac014c.jylefort@brutele.be>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 25 May 2002, Jean-Yves Lefort wrote: JL> Hi, JL> JL> A backdoor has been found in Irssi's configure script. It compiled a JL> little C program which connected to some host and spawned a shell. JL> JL> Since FreeBSD ports are built as root by default, the attacker would JL> have gained a rootshell, instead of a non-priviledged shell. Someone else answered your question about building as non-root, so I'll just add this quote from http://www.irssi.org/?page=backdoor How do I know if I'm affected? [snip] FreeBSD port isn't backdoored, as it used the .bz2 file [snip So if you built from ports, this doesn't affect you. Makes you wonder about other ports though, doesn't it? -- tim@lost.net.au To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020528110119.V42077-100000>