Date:      Fri, 30 Dec 2005 08:45:53 -0500
From:      John Baldwin <jhb@freebsd.org>
To:        freebsd-current@freebsd.org
Cc:        Dag-Erling Smørgrav <des@des.no>, Matthew Seaman <m.seaman@infracaninophile.co.uk>, Ádám Szilveszter <adamsz@mailpont.hu>
Subject:   Re: fetch extension - use local filename from content-disposition header
Message-ID:  <200512300845.55681.jhb@freebsd.org>
In-Reply-To: <43B4FFB2.4090203@infracaninophile.co.uk>
References:  <20051229193328.A13367@cons.org> <86irt7dk5k.fsf@xps.des.no> <43B4FFB2.4090203@infracaninophile.co.uk>

On Friday 30 December 2005 04:36 am, Matthew Seaman wrote:
> Dag-Erling Smørgrav wrote:
> > Ádám Szilveszter <adamsz@mailpont.hu> writes:
> >>You know, there are much bigger problems than that. For example the fact,
> >>that any vulnerability in fetch(1) or libfetch(3) is a remote root
> >>compromise candidate on FreeBSD, because the Ports system still insists
> >> on running it as root by default downloading distfiles from unchecked
> >> and potentially unsecure servers all over the Internet.
> >
> > Wrong.  If you go into a ports directory and type 'make install clean'
> > as an unprivileged user, the only parts of the build that actually run
> > with root privileges are the final portions of the installation
> > sequence.
>
> Not if you, as a naive user, take a freshly installed system and an
> unmodified environment.  You'll need to make a bunch of changes
> before everything will run smoothly:
>
>    * Make /usr/ports/distfiles writable by user or set $DISTDIR to
>      a writable directory

Yeah, I have a src:src user group that I make own /usr/src and /usr/ports and
make them group writable.  I have the chown/chmod in a script I run to run
cvs update on /usr/src and /usr/ports even.  I just stick myself in the src
group and then I can build ports as myself and let it use su for the install
and config steps.

>    * Make /var/db/ports writable by user or set $PORT_DBDIR to a
>      writable location

No, updating that is done via root as su, so you don't have to do this.

-- 
John Baldwin <jhb@FreeBSD.org>  <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve"  =  http://www.FreeBSD.org



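The group-writable layout described in the reply above, as an added shell example that is not the script mentioned in the message: `apply_group_perms` performs the chgrp/chmod step and `audit_group_tree` checks the result, additionally flagging world-writable entries. Both function names are hypothetical; the `src` group and the `/usr/src` and `/usr/ports` paths come from the message.

```shell
#!/bin/sh
# Added example, not the script from the message. Function names are
# hypothetical; the group and tree names are passed in by the caller.

# Hand each tree to GROUP and make it group-writable.
# Real use (as root): apply_group_perms src /usr/src /usr/ports
apply_group_perms() {
    grp=$1; shift
    for tree in "$@"; do
        [ -d "$tree" ] || { echo "skip: $tree is not a directory" >&2; continue; }
        chgrp -R "$grp" "$tree" && chmod -R g+w "$tree" || return 1
    done
}

# Print every entry that breaks the layout; return 0 only if none is found.
#   wrong-group     : entry is not owned by GROUP
#   not-group-write : group members cannot write the entry
#   world-writable  : any local user could alter it (e.g. a fetched distfile)
# Symbolic links are skipped because their own mode bits are not meaningful.
audit_group_tree() {
    grp=$1; tree=$2
    bad=$(
        find "$tree" ! -type l ! -group "$grp" -print | sed 's/^/wrong-group /'
        find "$tree" ! -type l ! -perm -020 -print | sed 's/^/not-group-write /'
        find "$tree" ! -type l -perm -002 -print | sed 's/^/world-writable /'
    )
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}
```

Run `audit_group_tree src /usr/ports` as the unprivileged build user before building; empty output and exit status 0 mean the tree matches the layout.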