fetch extension - use local filename from content-disposition header
John Baldwin
jhb at freebsd.org
Fri Dec 30 06:04:28 PST 2005
On Friday 30 December 2005 04:36 am, Matthew Seaman wrote:
> Dag-Erling Smørgrav wrote:
> > Ádám Szilveszter <adamsz at mailpont.hu> writes:
> >> You know, there are much bigger problems than that. For example the fact,
> >> that any vulnerability in fetch(1) or libfetch(3) is a remote root
> >> compromise candidate on FreeBSD, because the Ports system still insists
> >> on running it as root by default downloading distfiles from unchecked
> >> and potentially unsecure servers all over the Internet.
> >
> > Wrong. If you go into a ports directory and type 'make install clean'
> > as an unprivileged user, the only parts of the build that actually run
> > with root privileges are the final portions of the installation
> > sequence.
>
> Not if you, as a naive user, take a freshly installed system and an
> unmodified environment. You'll need to make a bunch of changes
> before everything will run smoothly:
>
> * Make /usr/ports/distfiles writable by user or set $DISTDIR to
> a writable directory

Yeah, I have a src:src user group that I make own /usr/src and /usr/ports and
make them group writable. I have the chown/chmod in a script I run to run
cvs update on /usr/src and /usr/ports even. I just stick myself in the src
group and then I can build ports as myself and let it use su for the install
and config steps.

> * Make /var/db/ports writable by user or set $PORT_DBDIR to a
> writable location

No, updating that is done via root as su, so you don't have to do this.

--
John Baldwin <jhb at FreeBSD.org> <>< http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve" = http://www.FreeBSD.org
More information about the freebsd-current mailing list