Message-ID: <43B52C77.2010405@infracaninophile.co.uk>
Date: Fri, 30 Dec 2005 12:47:51 +0000
From: Matthew Seaman
To: "Simon L. Nielsen"
Cc: Dag-Erling Smørgrav, freebsd-current@freebsd.org, Ádám Szilveszter
In-Reply-To: <20051230100234.GA855@zaphod.nitro.dk>
Subject: Re: fetch extension - use local filename from content-disposition header
List-Id: Discussions about the use of FreeBSD-current

Simon L. Nielsen wrote:
> On 2005.12.30 09:36:50 +0000, Matthew Seaman wrote:
>
>>Dag-Erling Smørgrav wrote:
>>
>>>Wrong. If you go into a ports directory and type 'make install clean'
>>>as an unprivileged user, the only parts of the build that actually run
>>>with root privileges are the final portions of the installation
>>>sequence.
>>
>>Not if you, as a naive user, take a freshly installed system and an
>>unmodified environment. You'll need to make a bunch of changes
>>before everything will run smoothly:
>>
>>  * Make /usr/ports/distfiles writable by user or set $DISTDIR to
>>    a writable directory
>>  * Make /var/db/ports writable by user or set $PORT_DBDIR to a
>>    writable location
>>  * Make each port directory writable -- so the 'work' directories
>>    can be created -- or set $WRKDIRPREFIX to a writable location.
>
>
> It should of course be mentioned that by doing this you have now made
> it possible for "user" to gain root privileges. This might not be a
> problem in many cases, but people should be aware of it.

'user' would have to know the root password already in order to be able
to install stuff. Is this scheme better or worse than having root do
all the fetching and compiling?

I guess making the ports directories writable is the big no-no here.
That means for instance, an ill-intentioned person could spoof you into
installing software with a backdoor in it, seeing as they could download
a trojanned distfile and also tweak the checksums in the port distinfo.
Although I suppose being able to inject arbitrary code into make(1) by
fiddling with the files under /var/db/ports is pretty bad too.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3, Ramsgate, Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
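
A check for the exposure discussed in this message, as an added example that is not part of the original e-mail or of the ports tree: it lists anything under the ports locations named above that a non-root account could modify before root runs the install step. The function names and `TRUSTED_UID` are hypothetical; `PORTSDIR`, `DISTDIR`, `PORT_DBDIR` and `WRKDIRPREFIX` are read from the environment only, so values set in /etc/make.conf must be exported by hand.

```shell
#!/bin/sh
# Added example: find ports files that someone other than root can modify.
# TRUSTED_UID is an assumption of this sketch (0 = root); overridable for tests.
TRUSTED_UID="${TRUSTED_UID:-0}"

# Print every file or directory under $1 that is not owned by TRUSTED_UID,
# or that is group- or world-writable. Symlinks are skipped because their own
# mode bits do not control access. Group-writable entries are reported
# regardless of which group owns them; review those hits by hand.
audit_tree() {
    [ -e "$1" ] || return 0
    find "$1" ! -type l \
        \( ! -user "$TRUSTED_UID" -o -perm -020 -o -perm -002 \) \
        -print 2>/dev/null
}

# Audit the locations the message names: the port directories (distinfo,
# Makefile), the distfiles directory, the saved options under PORT_DBDIR,
# and WRKDIRPREFIX when one is set.
audit_ports() {
    portsdir="${PORTSDIR:-/usr/ports}"
    for dir in "$portsdir" \
               "${DISTDIR:-$portsdir/distfiles}" \
               "${PORT_DBDIR:-/var/db/ports}" \
               ${WRKDIRPREFIX:+"$WRKDIRPREFIX"}; do
        audit_tree "$dir"
    done | sort -u
}

# Any line of output is a path root's make(1) run would trust but a
# non-root account can change.
audit_ports
```

An empty result means only root can alter what the install step reads from those trees; it says nothing about the integrity of files already there.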