ports security (was: fetch extension - use local filename from content-disposition header)

Ádám Szilveszter adamsz at mailpont.hu
Fri Dec 30 03:56:53 PST 2005

On Pén, December 30, 2005 11:20 am, Simon L. Nielsen wrote:
> I don't remember seeing it discussed.  Fetching as a non-privileged
> user seems like a really good idea to me.  Building as non-root would
> be nice, but doesn't really buy you much security wise

I would be interested to hear why you think this. (I am aware of the
problems at install stage)

> (and will
> possibly break at least some programs that makes silly assumptions
> about build as root).

Yes, although we do not know how many programs are affected by this in
reality. Eg Gentoo, AFAIK does not build as root.

> Note that both of these features are somewhat paranoid security
> features, and the risk of getting compromised by either is much
> smaller than getting compromised by some other much more simple
> vulnerability.

I think that running fetch as root is really an unnecessary risk to the
system for the same reason as running a web browser or reading mail as
root is. For some, this risk is bearable. But it is not security best
practice by any stretch.


Telcsi.hu - A legújabb csengőhangok menő slágerekkel >>>
Polifónikus és normál csengőhangok >>> Animált és normál háttérképek >>>
MP3 effektek >>> http://www.telcsi.hu/index.php?prefix=VM

More information about the freebsd-current mailing list