fetch extension - use local filename from content-disposition header

Matthew Seaman m.seaman at infracaninophile.co.uk
Fri Dec 30 04:48:11 PST 2005

Simon L. Nielsen wrote:
> On 2005.12.30 09:36:50 +0000, Matthew Seaman wrote:
>>Dag-Erling Smørgrav wrote:
>>>Wrong.  If you go into a ports directory and type 'make install clean'
>>>as an unprivileged user, the only parts of the build that actually run
>>>with root privileges are the final portions of the installation
>>Not if you, as a naive user, take a freshly installed system and an
>>unmodified environment.  You'll need to make a bunch of changes
>>before everything will run smoothly:
>>  * Make /usr/ports/distfiles writable by user or set $DISTDIR to
>>    a writable directory
>>  * Make /var/db/ports writable by user or set $PORT_DBDIR to a 
>>    writable location
>>  * Make each port directory writable -- so the the 'work' directories
>>    can be created -- or set $WRKDIRPREFIX to a writable location.
> It should of cause be mentioned that by doing this you have now made
> it possible for "user" to gain root privileges.  This might not a
> problem in many cases, but people should be aware of it.

'user' would have to know the root password already in order to be
able to install stuff.  Is this scheme better or worse than having
root do all the fetching and compiling?  

I guess making the ports directories writable is the big no-no here.
That means for instance, an ill-intentioned person could spoof you into
installing software with a backdoor in it, seeing as they could download
a trojanned distfile and also tweak the checksums in the port distinfo.
Although I suppose being able to inject arbitrary code into make(1) by
fiddling with the files under /var/db/ports is pretty bad too.



Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20051230/4f08ed93/signature.bin

More information about the freebsd-current mailing list