From owner-freebsd-security@FreeBSD.ORG Wed Nov 30 09:02:55 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 04B7016A422 for ; Wed, 30 Nov 2005 09:02:55 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0E0CC43D45 for ; Wed, 30 Nov 2005 09:02:50 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from obsecurity.dyndns.org (elvis.mu.org [192.203.228.196]) by elvis.mu.org (Postfix) with ESMTP id 635D31A3C25; Wed, 30 Nov 2005 01:02:50 -0800 (PST) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 0075351314; Wed, 30 Nov 2005 04:02:48 -0500 (EST) Date: Wed, 30 Nov 2005 04:02:48 -0500 From: Kris Kennaway To: ?d?m Szilveszter Message-ID: <20051130090247.GA68049@xor.obsecurity.org> References: <20051129120151.5A2FB16A420@hub.freebsd.org> <002601c5f4fa$b5115320$e403000a@rickderringer> <20051129232703.GA60060@xor.obsecurity.org> <438CE78F.303@freebsd.org> <4155.193.68.33.1.1133340924.squirrel@193.68.33.1> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="huq684BweRXVnRxX" Content-Disposition: inline In-Reply-To: <4155.193.68.33.1.1133340924.squirrel@193.68.33.1> User-Agent: Mutt/1.4.2.1i Cc: freebsd-security@freebsd.org Subject: Re: Reflections on Trusting Trust X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Nov 2005 09:02:55 -0000 --huq684BweRXVnRxX Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Nov 30, 2005 at 09:55:24AM +0100, ?d?m Szilveszter wrote: > On Sze, November 30, 2005 12:43 am, Colin Percival mondta: > > Even before you get to that point, you have to worry about making sure > > that the build clients are secure. One possibility which worries me a > > great deal is that a trojan in the build code for a low-profile port > > (e.g., misc/my-port-which-nobody-else-uses) could allow an attacker to > > gain control of a build client (and then insert trojans into packages > > which are built there). >=20 > Which practically begs the question: could we, pretty please, change the > defaults and stop encouraging people from downloading distfiles and > compiling them when using the ports tree as *root*? (shudder) There is > exactly zero reason for this that I can think of apart from some "well > it's more convenient that way" arguments. And of course that some ports don't build as non-root :-) If you're willing to fix them (there may be a lot), I could schedule a full port build done as non-root so you can start work. Kris --huq684BweRXVnRxX Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFDjWq3Wry0BWjoQKURArmKAJ4isEMkIoaUSw6WYzcbuvqMLHnk9gCfVUpQ 5btEz+JfJJjKTSmhbTqnStU= =QoQw -----END PGP SIGNATURE----- --huq684BweRXVnRxX--