From owner-freebsd-current@FreeBSD.ORG Fri Dec 30 11:56:53 2005 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7A3E816A41F for ; Fri, 30 Dec 2005 11:56:53 +0000 (GMT) (envelope-from adamsz@mailpont.hu) Received: from mailpont.hu (mailpont.hu [217.20.133.14]) by mx1.FreeBSD.org (Postfix) with ESMTP id AA13A43D5A for ; Fri, 30 Dec 2005 11:56:52 +0000 (GMT) (envelope-from adamsz@mailpont.hu) Received: by mailpont.hu (Postfix, from userid 1005) id 226FC426D0E; Fri, 30 Dec 2005 12:56:51 +0100 (CET) Received: from www.mailpont.hu (localhost [127.0.0.1]) by mailpont.hu (Postfix) with ESMTP id E5D3D426CFB for ; Fri, 30 Dec 2005 12:56:48 +0100 (CET) Received: from 193.68.33.1 (SquirrelMail authenticated user adamsz@mailpont.hu); by www.mailpont.hu with HTTP; Fri, 30 Dec 2005 12:56:48 +0100 (CET) Message-ID: <1979.193.68.33.1.1135943808.squirrel@193.68.33.1> In-Reply-To: <20051230102044.GB855@zaphod.nitro.dk> References: <20051229193328.A13367@cons.org> <20051230021602.GA9026@pit.databus.com> <43B498DF.4050204@cyberwang.net> <43B49B22.7040307@gmail.com> <20051229220403.A16743@cons.org> <20051230053906.GA75942@pit.databus.com> <2440.193.68.33.1.1135932286.squirrel@193.68.33.1> <20051230091546.GL895@rea.mbslab.kiae.ru> <20051230102044.GB855@zaphod.nitro.dk> Date: Fri, 30 Dec 2005 12:56:48 +0100 (CET) From: =?iso-8859-2?Q?=C1d=E1m_Szilveszter?= To: freebsd-current@freebsd.org User-Agent: SquirrelMail/1.4.3a X-Mailer: SquirrelMail/1.4.3a MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-2 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on prometheus X-Spam-Level: X-Spam-Status: No, score=-2.8 required=5.0 tests=ALL_TRUSTED autolearn=ham version=3.0.3 Subject: Re: ports security (was: fetch extension - use local filename from content-disposition header) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Dec 2005 11:56:53 -0000 On Pén, December 30, 2005 11:20 am, Simon L. Nielsen wrote: > I don't remember seeing it discussed. Fetching as a non-privileged > user seems like a really good idea to me. Building as non-root would > be nice, but doesn't really buy you much security wise I would be interested to hear why you think this. (I am aware of the problems at install stage) > (and will > possibly break at least some programs that makes silly assumptions > about build as root). Yes, although we do not know how many programs are affected by this in reality. Eg Gentoo, AFAIK does not build as root. > Note that both of these features are somewhat paranoid security > features, and the risk of getting compromised by either is much > smaller than getting compromised by some other much more simple > vulnerability. I think that running fetch as root is really an unnecessary risk to the system for the same reason as running a web browser or reading mail as root is. For some, this risk is bearable. But it is not security best practice by any stretch. Regards Sz. ------------------------------------------------------------------------ Telcsi.hu - A legújabb csengőhangok menő slágerekkel >>> Polifónikus és normál csengőhangok >>> Animált és normál háttérképek >>> MP3 effektek >>> http://www.telcsi.hu/index.php?prefix=VM