Date: Thu, 1 Dec 2005 04:58:36 +1100 From: Peter Jeremy <PeterJeremy@optushome.com.au> To: Andreas Nemeth <andreas.nemeth@aporem.net> Cc: freebsd-security@freebsd.org Subject: Re: Reflections on Trusting Trust Message-ID: <20051130175835.GD32006@cirb503493.alcatel.com.au> In-Reply-To: <200511301336.10782.andreas.nemeth@aporem.net> References: <20051129120151.5A2FB16A420@hub.freebsd.org> <438CE78F.303@freebsd.org> <4155.193.68.33.1.1133340924.squirrel@193.68.33.1> <200511301336.10782.andreas.nemeth@aporem.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 2005-Nov-30 13:36:10 +0100, Andreas Nemeth wrote: >On Wednesday 30 November 2005 09:55, Ádám Szilveszter wrote: >> Which practically begs the question: could we, pretty please, change the >> defaults and stop encouraging people from downloading distfiles and >> compiling them when using the ports tree as *root*? > >Second that. But I feel a little uneasy about making /usr/ports/ group >writeable for wheel or giving it to a "normal" user on the system. By default, /usr/ports is used to store: - A checked-out copy of the ports tree as stored in CVS. - INDEX-* This is hard-wired in the Makefile infrastructure - Compilation/work directories - overridable with WRKDIRPREFIX - distfiles - overridable with DISTDIR - packages - overridable with PACKAGES - portupgrade's INDEX*.db - overridable with PORTS_DBDIR Rather than making /usr/ports writable by anyone other than root (if you don't want to), you can create alternative locations for distfiles, work directories (and package directories) so a normal used can download and compile ports. At one stage, editors/openoffice.org-1.1 wouldn't build if WRKDIRPREFIX was set but that has been fixed. I haven't run into any other problems (though it might be interesting for the build cluster to verify that). Note that the only ports-related file that can't be moved out of the ports tree is 'INDEX'. This is annoying (I'd like to be able to RO export /usr/ports across several FreeBSD variants) but 'make index' only uses information within the ports tree and so isn't dangerous. >And what about the +INSTALL and +DEINSTALL scripts, some ports want to run? I don't think any package management system has managed to avoid needing scripts to handle some functions. This is primarily an issue if you are installing a package because the scripts come out of your ports tree if you built the port. (AFAIK, no ports create these scripts on the fly). >Those I've seen, ensure that a certain user exists. Therefore they roam >around in /etc. And, hence, require root privileges. >BTW, those scripts fail (of course), if /tmp is mounted with the noexec >option. I think the solution to this is to set PKG_TMPDIR somewhere else. -- Peter Jeremy
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051130175835.GD32006>