Date: Fri, 30 Dec 2005 11:20:44 +0100 From: "Simon L. Nielsen" <simon@FreeBSD.org> To: "Eygene A. Ryabinkin" <freebsd@rea.mbslab.kiae.ru> Cc: freebsd-current@freebsd.org, ?d?m Szilveszter <adamsz@mailpont.hu> Subject: Re: ports security (was: fetch extension - use local filename from content-disposition header) Message-ID: <20051230102044.GB855@zaphod.nitro.dk> In-Reply-To: <20051230091546.GL895@rea.mbslab.kiae.ru> References: <20051229193328.A13367@cons.org> <20051230021602.GA9026@pit.databus.com> <43B498DF.4050204@cyberwang.net> <43B49B22.7040307@gmail.com> <20051229220403.A16743@cons.org> <20051230053906.GA75942@pit.databus.com> <2440.193.68.33.1.1135932286.squirrel@193.68.33.1> <20051230091546.GL895@rea.mbslab.kiae.ru>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On 2005.12.30 12:15:46 +0300, Eygene A. Ryabinkin wrote: > In principle, portupgrade and make scripts can be rearranged to be started > as root, but to drop the privileges for the fetching and building via the > creation of child and the setuid() call (su will help). Was such feature > already discuissed and is it desirable? I don't remember seeing it discussed. Fetching as a non-privileged user seems like a really good idea to me. Building as non-root would be nice, but doesn't really buy you much security wise (and will possibly break at least some programs that makes silly assumptions about build as root). Note that both of these features are somewhat paranoid security features, and the risk of getting compromised by either is much smaller than getting compromised by some other much more simple vulnerability. -- Simon L. Nielsen [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFDtQn8h9pcDSc1mlERAjrxAJ9wsb3VYLilJH1Z862kuY091XWTswCferA9 6hE3kq6WS+fKGPmXPBu60w0= =rni6 -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051230102044.GB855>