ports security (was: fetch extension - use local filename from
content-disposition header)
Simon L. Nielsen
simon at FreeBSD.org
Fri Dec 30 02:20:47 PST 2005
On 2005.12.30 12:15:46 +0300, Eygene A. Ryabinkin wrote:
> In principle, portupgrade and make scripts can be rearranged to be started
> as root, but to drop the privileges for the fetching and building via the
> creation of child and the setuid() call (su will help). Was such feature
> already discuissed and is it desirable?
I don't remember seeing it discussed. Fetching as a non-privileged
user seems like a really good idea to me. Building as non-root would
be nice, but doesn't really buy you much security wise (and will
possibly break at least some programs that makes silly assumptions
about build as root).
Note that both of these features are somewhat paranoid security
features, and the risk of getting compromised by either is much
smaller than getting compromised by some other much more simple
vulnerability.
--
Simon L. Nielsen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20051230/4ae221e6/attachment.bin
More information about the freebsd-current
mailing list