From owner-freebsd-current@FreeBSD.ORG Fri Dec 30 08:44:51 2005
Message-ID: <2440.193.68.33.1.1135932286.squirrel@193.68.33.1>
In-Reply-To: <20051230053906.GA75942@pit.databus.com>
References: <20051229193328.A13367@cons.org> <20051230021602.GA9026@pit.databus.com> <43B498DF.4050204@cyberwang.net> <43B49B22.7040307@gmail.com> <20051229220403.A16743@cons.org> <20051230053906.GA75942@pit.databus.com>
Date: Fri, 30 Dec 2005 09:44:46 +0100 (CET)
From: Ádám Szilveszter
To: freebsd-current@freebsd.org
Subject: Re: fetch extension - use local filename from content-disposition header

On Fri, December 30, 2005 6:39 am, Barney Wolff wrote:
> What does the security officer have to say about that, if true?

You know, there are much bigger problems than that. For example, the fact that any vulnerability in fetch(1) or libfetch(3) is a remote root compromise candidate on FreeBSD, because the Ports system still insists on running it as root by default, downloading distfiles from unchecked and potentially unsecure servers all over the Internet. This is the real problem, imho.

However, when I mentioned this on -security in a thread (about trusting trust) all I got back was that it was difficult to make sure that all ports build as normal user. Which of course does not explain fetching as root at all, but hey.

Regards and Happy New Year,
Sz.