From owner-freebsd-current@FreeBSD.ORG Fri Dec 30 09:11:25 2005 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DF02516A41F for ; Fri, 30 Dec 2005 09:11:25 +0000 (GMT) (envelope-from des@des.no) Received: from tim.des.no (tim.des.no [194.63.250.121]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0DA9C43D53 for ; Fri, 30 Dec 2005 09:11:25 +0000 (GMT) (envelope-from des@des.no) Received: from tim.des.no (localhost [127.0.0.1]) by spam.des.no (Postfix) with ESMTP id 7696920AA; Fri, 30 Dec 2005 10:11:20 +0100 (CET) X-Spam-Tests: AWL,BAYES_00,FORGED_RCVD_HELO X-Spam-Learn: ham X-Spam-Score: -3.2/3.0 X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on tim.des.no Received: from xps.des.no (des.no [80.203.243.180]) by tim.des.no (Postfix) with ESMTP id ED5FF20A8; Fri, 30 Dec 2005 10:11:19 +0100 (CET) Received: by xps.des.no (Postfix, from userid 1001) id D9C7D33C3E; Fri, 30 Dec 2005 10:11:19 +0100 (CET) To: =?iso-8859-1?q?=C1d=E1m_Szilveszter?= References: <20051229193328.A13367@cons.org> <20051230021602.GA9026@pit.databus.com> <43B498DF.4050204@cyberwang.net> <43B49B22.7040307@gmail.com> <20051229220403.A16743@cons.org> <20051230053906.GA75942@pit.databus.com> <2440.193.68.33.1.1135932286.squirrel@193.68.33.1> From: des@des.no (=?iso-8859-1?q?Dag-Erling_Sm=F8rgrav?=) Date: Fri, 30 Dec 2005 10:11:19 +0100 In-Reply-To: <2440.193.68.33.1.1135932286.squirrel@193.68.33.1> =?iso-8859-1?q?=28=C1d=E1m?= Szilveszter's message of "Fri, 30 Dec 2005 09:44:46 +0100 (CET)") Message-ID: <86irt7dk5k.fsf@xps.des.no> User-Agent: Gnus/5.110002 (No Gnus v0.2) Emacs/21.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-current@freebsd.org Subject: Re: fetch extension - use local filename from content-disposition header X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Dec 2005 09:11:26 -0000 =C1d=E1m Szilveszter writes: > You know, there are much bigger problems than that. For example the fact, > that any vulnerability in fetch(1) or libfetch(3) is a remote root > compromise candidate on FreeBSD, because the Ports system still insists on > running it as root by default downloading distfiles from unchecked amd > potentially unsecure servers all over the Internet. Wrong. If you go into a ports directory and type 'make install clean' as an unprivileged user, the only parts of the build that actually run with root privileges are the final portions of the installation sequence. DES --=20 Dag-Erling Sm=F8rgrav - des@des.no