fetch extension - use local filename from content-disposition header

Matthew Seaman m.seaman at infracaninophile.co.uk
Fri Dec 30 01:37:15 PST 2005


Dag-Erling Smørgrav wrote:
> Ádám Szilveszter <adamsz at mailpont.hu> writes:
> 
>>You know, there are much bigger problems than that. For example the fact,
>>that any vulnerability in fetch(1) or libfetch(3) is a remote root
>>compromise candidate on FreeBSD, because the Ports system still insists on
>>running it as root by default downloading distfiles from unchecked and
>>potentially unsecure servers all over the Internet. 
 
> Wrong.  If you go into a ports directory and type 'make install clean'
> as an unprivileged user, the only parts of the build that actually run
> with root privileges are the final portions of the installation
> sequence.

Not if you, as a naive user, take a freshly installed system and an
unmodified environment.  You'll need to make a bunch of changes
before everything will run smoothly:

   * Make /usr/ports/distfiles writable by user or set $DISTDIR to
     a writable directory
   * Make /var/db/ports writable by user or set $PORT_DBDIR to a 
     writable location
   * Make each port directory writable -- so the 'work' directories
     can be created -- or set $WRKDIRPREFIX to a writable location.

And in fact, if you go on to do the same deal with $PKG_DBDIR and $PREFIX
plus set $INSTALL_AS_USER then you can install most ports entirely as a
mortal user -- the exceptions being ports that want to run mtree(8) or that
need to install programs with specific UID or GIDs.

Not setting $INSTALL_AS_USER means you'll be prompted to supply the root
password where needed at install time.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW
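
The changes listed in the message above, collected into one shell sketch; this is an added example, not part of the original post. The directory layout under the base path and the function names are assumptions; the variable names are the ones the message gives.

```shell
#!/bin/sh
# Added example: point the ports variables named in the message at a
# user-writable tree so fetch and build steps do not need root.
# The sub-directory names (distfiles, portdb, ...) are assumptions.

# setup_user_ports_env BASE
# Creates the per-user directories under BASE and exports the variables.
setup_user_ports_env() {
    base=$1
    [ -n "$base" ] || { echo "usage: setup_user_ports_env BASE" >&2; return 2; }
    for sub in distfiles portdb work pkgdb local; do
        mkdir -p "$base/$sub" || return 1
    done
    DISTDIR=$base/distfiles        # downloaded distfiles
    PORT_DBDIR=$base/portdb        # replaces /var/db/ports
    WRKDIRPREFIX=$base/work        # 'work' directories are created here
    PKG_DBDIR=$base/pkgdb          # package registration database
    PREFIX=$base/local             # install destination
    INSTALL_AS_USER=yes            # install without asking for root
    export DISTDIR PORT_DBDIR WRKDIRPREFIX PKG_DBDIR PREFIX INSTALL_AS_USER
}

# check_user_ports_env
# Returns non-zero and names every variable that is unset or points at a
# location the current user cannot write, i.e. a step that would need root.
check_user_ports_env() {
    rc=0
    for var in DISTDIR PORT_DBDIR WRKDIRPREFIX PKG_DBDIR PREFIX; do
        eval "dir=\${$var:-}"
        if [ -z "$dir" ]; then
            echo "$var is not set" >&2; rc=1
        elif [ ! -d "$dir" ] || [ ! -w "$dir" ]; then
            echo "$var=$dir is not a writable directory" >&2; rc=1
        fi
    done
    [ -n "${INSTALL_AS_USER:-}" ] || { echo "INSTALL_AS_USER is not set" >&2; rc=1; }
    return $rc
}
```

Call `setup_user_ports_env "$HOME/ports-user"` and then `check_user_ports_env` as the unprivileged user before running make in a port directory.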
