ports security (was: fetch extension - use local filename from content-disposition header)

Simon L. Nielsen simon at FreeBSD.org
Fri Dec 30 02:20:47 PST 2005


On 2005.12.30 12:15:46 +0300, Eygene A. Ryabinkin wrote:
>  In principle, portupgrade and make scripts can be rearranged to be started
> as root, but to drop the privileges for the fetching and building via the
> creation of child and the setuid() call (su will help). Was such feature
> already discuissed and is it desirable?

I don't remember seeing it discussed.  Fetching as a non-privileged
user seems like a really good idea to me.  Building as non-root would
be nice, but doesn't really buy you much security wise (and will
possibly break at least some programs that makes silly assumptions
about build as root).

Note that both of these features are somewhat paranoid security
features, and the risk of getting compromised by either is much
smaller than getting compromised by some other much more simple
vulnerability.

-- 
Simon L. Nielsen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20051230/4ae221e6/attachment.bin


More information about the freebsd-current mailing list