Explain staging

Anton Shterenlikht mexas at bris.ac.uk
Mon Oct 7 12:52:33 UTC 2013


>From bsam at passap.ru Mon Oct  7 13:36:53 2013
>
>07.10.2013 13:23, Anton Shterenlikht wrote:
>
>> What about "make fetch"? It puts files by default under
>> ports/distfiles, which, by default, is 755:
>[...]
>> What about "make extract"? Same problem:
>
>I have used an svn repo owned by a user for ages. When root rights are needed,
>the ports infrastructure asks for the password.

I've read a few books on unix security.
The typical advice is to assume the user
passwords are compromised.
If I build and install from a ports tree
owned by a user, I increase the chances of
compromising the system, if an attacker
changes some files in the ports tree,
i.e. the URL in the Makefile and the checksum
in distinfo. I'll then have to add this worry
to my already long list.

Anton

