[PATCH] portmaster with SU_CMD
Garrett Cooper
youshi10 at u.washington.edu
Mon Nov 12 10:25:11 PST 2007

Greg Minshall wrote:
> i'd add my two cents for being able to do builds without running as root.

Building as non-root user and then installing as root has its
caveats, I would think.

Pro:
- Compiling as a non-root user and then installing as root reduces the
security risk of a possible exploit in the portmaster / base system
infrastructure.

Con:
- People with sufficient permissions (possibly caused by bad umask
settings) but without root access, can modify the binaries / recompile
files to suit their needs prior to them being installed as root (say,
modify the source's logic to suit one's needs, i.e. skip a critical step
or install a hardcoded backdoor). Don't think that this isn't a problem
because many ports take a long time to compile, and as such there are
plenty of chances to inject whatever code one wants so that it's installed.
- The same goes for reinstalls, because if I knew that a user didn't
clean out their compiled sources (don't remember if portmaster does
this; portupgrade / portinstall do this though), and someone recompiled
a portion of the binaries and the maintaining user didn't check that the
binaries had been untouched since the last compile / install, they would
be in serious trouble.

It's not entirely likely but given some people's resources and
knowledge, and if they were either rubbed the wrong way, or wanted to
make sure they had access to the machine at all times, this would
definitely be a potential issue.

Personally, I don't really care either way because no one has access
to my machines, either locally or remotely, but I would think that these
are issues to consider before going all gung ho with this patch.

Sometimes you gotta think as a system cracker (consider security
faults), before you start thinking like a hacker (trying to fix things).

-Garrett
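
As an added illustration (not part of the original message and not portmaster's own code), a pre-install check for the two concerns listed under "Con": a build tree that other users can write to, and files changed since the build finished. The function names and the script name are hypothetical, and the manifest is assumed to be kept where only the installing user can write.

```shell
#!/bin/sh
# Added example: pre-install integrity check for a port's work directory.
# Function names are hypothetical; nothing here is portmaster's own code.

# Pick a SHA-256 tool: sha256sum (GNU) or sha256 -r (FreeBSD base system).
if command -v sha256sum >/dev/null 2>&1; then HASH="sha256sum"; else HASH="sha256 -r"; fi

# audit_tree DIR OWNER
# Lists (on stderr) anything under DIR that is group- or world-writable or
# not owned by OWNER (user name or numeric uid). Returns 0 only if none.
audit_tree() {
    loose=$(find "$1" ! -type l \( -perm -020 -o -perm -002 -o ! -user "$2" \) -print)
    if [ -n "$loose" ]; then
        printf 'writable by others or foreign-owned:\n%s\n' "$loose" >&2
        return 1
    fi
}

# snapshot_tree DIR
# Prints one "hash path" line per regular file, sorted by path.
snapshot_tree() {
    ( cd "$1" && find . -type f -exec $HASH {} + | LC_ALL=C sort -k 2 )
}

# verify_tree DIR MANIFEST
# Returns 0 only if DIR still matches the manifest; differences go to stderr.
verify_tree() {
    snapshot_tree "$1" | diff - "$2" >&2
}

# Usage: check.sh snapshot DIR > MANIFEST     (right after the build)
#        check.sh check DIR OWNER MANIFEST    (right before the install as root)
# Assumption: MANIFEST lives where only the installing user can write.
case "${1:-}" in
    snapshot) snapshot_tree "$2" ;;
    check)    audit_tree "$2" "$3" && verify_tree "$2" "$4" ;;
esac
```

The hash comparison only covers the window between snapshot and check, so the permission audit matters as well: a tree that others can still write to can be changed again after the check passes.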