Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 23 Nov 2001 03:42:56 -0600
From:      Bill Fumerola <billf@mu.org>
To:        Anthony Atkielski <anthony@freebie.atkielski.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: setuid on nethack?
Message-ID:  <20011123034256.V81711@elvis.mu.org>
In-Reply-To: <03a801c17399$ba011c30$0a00000a@atkielski.com>; from anthony@freebie.atkielski.com on Thu, Nov 22, 2001 at 10:07:42PM %2B0100
References:  <014201c17336$40653f90$0a00000a@atkielski.com><20011122112415.B855@straylight.oblivion.bg><016001c17338$37d65240$0a00000a@atkielski.com><20011122114813.C855@straylight.oblivion.bg><016601c1733d$7a516b00$0a00000a@atkielski.com> <g2vgg2v7vn.gg2@localhost.localdomain> <03a801c17399$ba011c30$0a00000a@atkielski.com>

next in thread | previous in thread | raw e-mail | index | archive | help
[ removing x-post to -questions ]

On Thu, Nov 22, 2001 at 10:07:42PM +0100, Anthony Atkielski wrote:
> Alas!  This does not make me feel warm and fuzzy!  It's a good thing I'm not
> installing this at a bank.

good thing, indeed! if you were installing this at a bank you would
clearly be underqualified to understand how to evaluate 3rd party software
and the bank would have a made a huge mistake in assigning you the task.

the freebsd project provides the ports tree as a build infrastructure,
not as a blessed software repository. while freebsd's ports committers and
security officer are very quick to respond to security fixes, often
quicker then the software author(s); it would be impossible to audit
6000+ moving targets worth of install scripts and make glue.

the post you responded to even pointed out that you can build the software
as a normal user. only install as root, if you're truely paranoid you
only have to examine the install stage for all those secret backdoors.

if you still don't feel warm and fuzzy, consider codine.

-- 
- bill fumerola / fumerola@yahoo-inc.com / billf@FreeBSD.org / billf@mu.org
- my anger management counselor can beat up your self-affirmation therapist



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011123034256.V81711>