From owner-freebsd-current@FreeBSD.ORG  Fri Dec 30 10:35:14 2005
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
X-Original-To: freebsd-current@freebsd.org
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C688916A41F;
	Fri, 30 Dec 2005 10:35:14 +0000 (GMT)
	(envelope-from freebsd@rea.mbslab.kiae.ru)
Received: from rea.mbslab.kiae.ru (rea.mbslab.kiae.ru [144.206.177.25])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D3EA943D8D;
	Fri, 30 Dec 2005 10:35:13 +0000 (GMT)
	(envelope-from freebsd@rea.mbslab.kiae.ru)
Received: from rea.mbslab.kiae.ru (localhost [127.0.0.1])
	by rea.mbslab.kiae.ru (Postfix) with ESMTP id 7AD76BD24;
	Fri, 30 Dec 2005 13:35:11 +0300 (MSK)
Received: by rea.mbslab.kiae.ru (Postfix, from userid 1000)
	id 5718CBCBE; Fri, 30 Dec 2005 13:35:11 +0300 (MSK)
Date: Fri, 30 Dec 2005 13:35:11 +0300
From: "Eygene A. Ryabinkin" <freebsd@rea.mbslab.kiae.ru>
To: "Simon L. Nielsen" <simon@FreeBSD.org>
Message-ID: <20051230103511.GA998@rea.mbslab.kiae.ru>
References: <20051229193328.A13367@cons.org>
	<20051230021602.GA9026@pit.databus.com>
	<43B498DF.4050204@cyberwang.net> <43B49B22.7040307@gmail.com>
	<20051229220403.A16743@cons.org>
	<20051230053906.GA75942@pit.databus.com>
	<2440.193.68.33.1.1135932286.squirrel@193.68.33.1>
	<20051230091546.GL895@rea.mbslab.kiae.ru>
	<20051230102044.GB855@zaphod.nitro.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
In-Reply-To: <20051230102044.GB855@zaphod.nitro.dk>
User-Agent: Mutt/1.5.11
X-AV-Checked: Yes!
Cc: ?d?m Szilveszter <adamsz@mailpont.hu>, freebsd-current@freebsd.org,
	"Eygene A. Ryabinkin" <freebsd@rea.mbslab.kiae.ru>
Subject: Re: ports security (was: fetch extension - use local filename from
	content-disposition header)
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Dec 2005 10:35:14 -0000

> I don't remember seeing it discussed.  Fetching as a non-privileged
> user seems like a really good idea to me.  Building as non-root would
> be nice, but doesn't really buy you much security wise (and will
> possibly break at least some programs that makes silly assumptions
> about build as root).
 OK, I'll try to play with the build system and portupgrade to add such
functionality. Do not promise that it will be done quickly, but someday
it will.

> 
> Note that both of these features are somewhat paranoid security
> features, and the risk of getting compromised by either is much
> smaller than getting compromised by some other much more simple
> vulnerability.
 Sure. As much in the security field this is paranoid.

 Happy New Year!
-- 
 rea

BOFH excuse #147:
Party-bug in the Aloha protocol