[PATCH] portmaster with SU_CMD

Jo Rhett jrhett at svcolo.com
Thu Jan 3 17:49:46 PST 2008


I'm sorry, Garrett.  I don't follow your logic.  Installing as root  
can leave holes, so instead you should build AND install as root?   
Where exactly is this more secure?

On Nov 12, 2007, at 10:24 AM, Garrett Cooper wrote:
> Greg Minshall wrote:
>> I'd add my two cents for being able to do builds without running  
>> as root.
>
>    Building as non-root user and then installing as root has its  
> caveats, I would think.
>
> Pro:
> - Compiling as a non-root user and then installing as root reduces  
> the security risk of a possible exploit in the portmaster / base  
> system infrastructure.
>
> Con:
> - People with sufficient permissions (possibly caused by bad umask  
> settings) but without root access, can modify the binaries /  
> recompile files to suit their needs prior to them being installed  
> as root (say modify the source's logic to suit one's needs, i.e.  
> skip a critical step or install a hardcoded backdoor). Don't think  
> that this isn't a problem because many ports take a long time to  
> compile, and as such there are plenty of chances to inject whatever  
> code one wants so that it's installed.
> - The same goes for reinstalls, because if I knew that a user  
> didn't clean out their compiled sources (don't remember if  
> portmaster does this; portupgrade / portinstall do this though),  
> and someone recompiled a portion of the binaries and the  
> maintaining user didn't check that the binaries had been untouched  
> since the last compile / install, they would be in serious trouble.
>
>    It's not entirely likely but given some people's resources and  
> knowledge, and if they were either rubbed the wrong way, or wanted  
> to make sure they had access to the machine at all times, this  
> would definitely be a potential issue.
>
>    Personally, I don't really care either way because no one has  
> access to my machines, either locally or remotely, but I would  
> think that these are issues to consider before going all gung ho  
> with this patch.
>
>    Sometimes you gotta think as a system cracker (consider security  
> faults), before you start thinking like a hacker (trying to fix  
> things).
>
> -Garrett

-- 
Jo Rhett
senior geek

Silicon Valley Colocation
Support Phone: 408-400-0550
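
Added example, not part of this thread and not portmaster code: a check an administrator could run between the unprivileged build and the root install, covering the case raised in the quoted message (a build tree left modifiable by other accounts through loose umask settings). The function name `audit_build_tree`, its arguments and its return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-install audit of a build tree (not portmaster code).
# Usage: audit_build_tree DIR BUILD_UID
#   DIR        build/work directory to inspect (caller-supplied path)
#   BUILD_UID  numeric uid of the unprivileged account that ran the build
# Prints each entry another account could have modified and returns:
#   0 = nothing found, 1 = findings printed, 2 = bad arguments
audit_build_tree() {
    dir=$1
    build_uid=$2
    [ -d "$dir" ] || return 2
    [ -n "$build_uid" ] || return 2

    # Flag two conditions:
    #  - group- or world-writable files/directories (what a loose umask leaves)
    #  - anything not owned by the build account
    # Symlinks are excluded from the mode test because their own mode bits
    # are not what controls writes to the target.
    findings=$(
        find "$dir" \( \
            \( ! -type l \( -perm -0020 -o -perm -0002 \) \) \
            -o ! -user "$build_uid" \
        \) -print
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

A clean result describes the tree only at the moment of the check, so the root install should follow immediately, and the directories above the build tree need to be closed to other accounts as well.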