Date: Thu, 28 Jul 2022 17:08:05 +0200
From: Baptiste Daroussin
To: niko.nastonen@icloud.com
Cc: "freebsd-pkg@freebsd.org"
Subject: Re: pkg and root privileges
Message-ID: <20220728150805.ixev66bv3bhdjdn4@aniel.nours.eu>
In-Reply-To: <0320D2DB-F61B-4F8B-B80F-D7765860283E@icloud.com>
List-Archive: https://lists.freebsd.org/archives/freebsd-pkg

On Tue, Jul 26, 2022 at 07:15:43PM +0300, niko.nastonen@icloud.com wrote:
> Hi.
>
> There was a recent discussion on the FreeBSD forum about security of pkg and its ability to drop root privileges when fetching packages.
>
> I couldn't help but notice that there was a git commit
>
> fcceab3f with comment "drop privileges when using libfetch"
>
> and another one
>
> f3b0469e with comment "Stop dropping privileges when fetching as it causes more issues than it solved".
>
> Can I ask what kind of issues the first commit introduces and why pkg still goes out to the internet unprotected?
>
> In case the issues are already solved by later commits, let me present a silly patch (mostly copied from fcceab3f) for branch "release-1.18" which makes fetch use nobody instead of root.
>
> Feel free to modify it to match "the real BSD hacker standards, if applicable" :-)
>

I am interested in the thread on the forum, if you can point it out to me.

The reason why it was dropped is that libfetch allows access to many things (like ~/.netrc, but not only) and many users are using such features of libfetch.

I dropped the "drop of privileges" for the time needed to work on libfetch to make it more friendly to the "drop of privileges", which I started but never finished.

Thank you for the reminder, I will move that up on my TODO list for 1.19.

Best regards,
Bapt
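
The pattern discussed in this thread, running the fetch step in a child that has dropped from root to an unprivileged account while the parent keeps its privileges, shown as an added example; it is not pkg's or libfetch's code and not the patch from the quoted message. The function names, the `RC_DROP_FAILED` code and the `fake_fetch` stand-in are hypothetical; the `nobody` account is the one named in the quoted message.

```c
#include <sys/types.h>
#include <sys/wait.h>
#include <grp.h>
#include <pwd.h>
#include <unistd.h>

#define RC_DROP_FAILED 126   /* hypothetical code: child refused to run the job */

/* Permanently switch the calling process to `user`. Returns 0 on success. */
static int drop_to(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return -1;
    /* Order matters: supplementary groups and gid must change while still root. */
    if (setgroups(1, &pw->pw_gid) != 0 || setgid(pw->pw_gid) != 0 ||
        setuid(pw->pw_uid) != 0)
        return -1;
    /* Verify the drop cannot be undone before any network code runs. */
    if (pw->pw_uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/*
 * Run job() in a forked child that has dropped to `user` when the caller is
 * root. The parent keeps its identity. Returns job's exit code, or
 * RC_DROP_FAILED if privileges could not be dropped (fail closed).
 */
int run_unprivileged(const char *user, int (*job)(void))
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (geteuid() == 0 && drop_to(user) != 0)
            _exit(RC_DROP_FAILED);
        _exit(job());
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Constructed stand-in for the fetch step: returns 1 if it still runs as root. */
int fake_fetch(void)
{
    return geteuid() == 0 ? 1 : 0;
}
```

After the drop the child can no longer read files that only root may open, such as a mode 0600 ~/.netrc in root's home directory, which is the kind of libfetch feature the reply says users depend on.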