ports security (was: fetch extension - use local filename from
content-disposition header)
Ádám Szilveszter
adamsz at mailpont.hu
Fri Dec 30 03:56:53 PST 2005
On Pén, December 30, 2005 11:20 am, Simon L. Nielsen wrote:
> I don't remember seeing it discussed. Fetching as a non-privileged
> user seems like a really good idea to me. Building as non-root would
> be nice, but doesn't really buy you much security wise
I would be interested to hear why you think this. (I am aware of the
problems at install stage)
> (and will
> possibly break at least some programs that makes silly assumptions
> about build as root).
Yes, although we do not know how many programs are affected by this in
reality. Eg Gentoo, AFAIK does not build as root.
> Note that both of these features are somewhat paranoid security
> features, and the risk of getting compromised by either is much
> smaller than getting compromised by some other much more simple
> vulnerability.
I think that running fetch as root is really an unnecessary risk to the
system for the same reason as running a web browser or reading mail as
root is. For some, this risk is bearable. But it is not security best
practice by any stretch.
Regards
Sz.
------------------------------------------------------------------------
Telcsi.hu - A legújabb csengőhangok menő slágerekkel >>>
Polifónikus és normál csengőhangok >>> Animált és normál háttérképek >>>
MP3 effektek >>> http://www.telcsi.hu/index.php?prefix=VM
More information about the freebsd-current
mailing list