[PATCH] portmaster with SU_CMD
jrhett at svcolo.com
Thu Jan 3 17:49:46 PST 2008
I'm sorry, Garrett. I don't follow your logic. Installing as root
can leave holes, so instead you should build AND install as root?
Where exactly is this more secure?
On Nov 12, 2007, at 10:24 AM, Garrett Cooper wrote:
> Greg Minshall wrote:
>> i'd add my two cents for being able to do builds without running
>> as root.
> Building as non-root user and then installing as root has its
> caveats I would think..
> - Compiling as a non-root user and then installing as root reduces
> the security risk of a possible exploit in the portmaster / base
> system infrastructure.
> - People with sufficient permissions (possibly caused by bad umask
> settings) but without root access, can modify the binaries /
> recompile files to suit their needs prior to them being installed
> as root (say modify the source's logic to suit one's needs, i.e.
> skip a critical step or install a hardcoded backdoor). Don't think
> that this isn't a problem because many ports take a long time to
> compile, and as such there are plenty of chances to inject whatever
> code one wants so that it's installed.
> - The same goes for reinstalls, because if I knew that a user
> didn't clean out their compiled sources (don't remember if
> portmaster does this; portupgrade / portinstall do this though),
> and someone recompiled a portion of the binaries and the
> maintaining user didn't check that the binaries had been untouched
> since the last compile / install, they would be in serious trouble.
> It's not entirely likely but given some peoples' resources and
> knowledge, and if they were either rubbed the wrong way, or wanted
> to make sure they had access to the machine at all times, this
> would definitely be a potential issue.
> Personally, I don't really care either way because no one has
> access to my machines, either locally or remotely, but I would
> think that these are issues to consider before going all gung ho
> with this patch.
> Sometimes you gotta think as a system cracker (consider security
> faults), before you start thinking like a hacker (trying to fix
> freebsd-ports at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-ports-
> unsubscribe at freebsd.org"
Silicon Valley Colocation
Support Phone: 408-400-0550
More information about the freebsd-ports