[PATCH] portmaster with SU_CMD

Garrett Cooper youshi10 at u.washington.edu
Mon Nov 12 10:25:11 PST 2007


Greg Minshall wrote:
> i'd add my two cents for being able to do builds without running as root.

    Building as non-root user and then installing as root has its 
caveats, I would think.

Pro:
- Compiling as a non-root user and then installing as root reduces the 
security risk of a possible exploit in the portmaster / base system 
infrastructure.

Con:
- People with sufficient permissions (possibly caused by bad umask 
settings) but without root access, can modify the binaries / recompile 
files to suit their needs prior to them being installed as root (say 
modify the source's logic to suit one's needs, i.e. skip a critical step 
or install a hardcoded backdoor). Don't think that this isn't a problem 
because many ports take a long time to compile, and as such there are 
plenty of chances to inject whatever code one wants so that it's installed.
- The same goes for reinstalls, because if I knew that a user didn't 
clean out their compiled sources (don't remember if portmaster does 
this; portupgrade / portinstall do this though), and someone recompiled 
a portion of the binaries and the maintaining user didn't check that the 
binaries had been untouched since the last compile / install, they would 
be in serious trouble.

    It's not entirely likely but given some people's resources and 
knowledge, and if they were either rubbed the wrong way, or wanted to 
make sure they had access to the machine at all times, this would 
definitely be a potential issue.

    Personally, I don't really care either way because no one has access 
to my machines, either locally or remotely, but I would think that these 
are issues to consider before going all gung ho with this patch.

    Sometimes you gotta think as a system cracker (consider security 
faults), before you start thinking like a hacker (trying to fix things).

-Garrett
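
The check the "Con" items above call for, as an added example that is not part of the original message or of portmaster: before the root install step, audit the build tree for entries other accounts can write to, entries not owned by the build user, and files changed after the build finished. The function name `audit_build_tree`, its arguments, and the stamp-file convention are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (hypothetical helper, not portmaster code).
# audit_build_tree DIR BUILD_USER [STAMP]
#   DIR        build/work directory to inspect
#   BUILD_USER user name or numeric uid expected to own everything in DIR
#   STAMP      optional file touched when the build finished; regular
#              files newer than it were modified after the build
# Prints one finding per line and returns 1 if there are any findings.
audit_build_tree() {
    dir=$1 user=$2 stamp=${3:-}
    findings=$(
        # Group- or world-writable entries (the "bad umask" case).
        # Symlinks are skipped because their mode bits are meaningless.
        find "$dir" ! -type l \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/writable-by-others /'
        # Entries created or replaced by an account other than the builder.
        find "$dir" ! -user "$user" -print |
            sed 's/^/foreign-owner /'
        # Regular files whose mtime is later than the end-of-build stamp.
        if [ -n "$stamp" ]; then
            find "$dir" -type f -newer "$stamp" -print |
                sed 's/^/changed-after-build /'
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

The mtime comparison is a heuristic; the ownership and permission checks are what cover a replaced file, and the stamp file itself has to live somewhere only the build user can write.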

