build ports from not a root user?

Damien Fleuriot ml at my.gd
Thu Jul 21 15:35:09 UTC 2011


On 7/21/11 5:19 PM, Peter Vereshagin wrote:
> Oh freebsd-questions want you buy me a mersedes benz?
> 2011/07/21 16:53:58 +0200 Damien Fleuriot <ml at my.gd> => To freebsd-questions at freebsd.org :
>
> DF> > I'd like to build my ports from not a root user.
> DF> 
> DF> That is possible but exceedingly highly inconvenient.
> DF> What is the reason for doing that ?
> 
> Security. Because of the limitations the non-root user can have.
> This should decrease the probability of the bad port to ruin the system during
> the build process.
> Such a thing can be happening only in a specific conditions due to the
> particular build environment and can or can not be a subject of a port author's
> intentions.
> The good admin practice exclamates that if the task does not need the
> permission than it should not have it. Building of a a single port is certainly
> one of those situations.
> 

While compiling the port itself doesn't require root privileges,
installing it does.

This in turn means the whole "make install clean" chain requires root
privileges.

The purpose of the ports is to be an easily manageable and installable
collection of packages.

If you're not going to use the ports' installation chain, then perhaps
you should simply configure, build and install from source instead.


> DF> I can not come up with a scenario where one would want to do that.
> 
> Shall I put here the examples of the distributions those are building their
> packages from a non-root user? There should certainly be the ones.
> 
> DF> Rather than the means you'd like to use, tell us the end you're trying
> DF> to accomplish.
> 
> You mean about feature enhancement here, the what feature do I need in terms of
> functionality and how it should make me better immediately after that.
> The security isn't about ROI but it's business model is insurance.
> What I need is the more security which is about to keep my things from getting
> worse.
> But it's not a bad thing ;-)
> 

If you want security, you'll want to make /usr read-only and your
problems will go away.

If you're concerned that upgrading a port will break existing ones
because of dependencies, then use a port manager (portmanager,
portupgrade...)

If you're concerned that *compiling* a port will break the system, I
can't see how, the ports are built in a temporary directory.

If you're concerned about a port being rogue and causing malicious
commands while building it, then you shouldn't build that port at all,
even with non-root privileges.


> DF> In other terms: what are you trying to do ? (and don't tell me "building
> DF> a port as a non root user")
> DF> 
> DF> 
> DF> > How can I tell the ports system that it should su ( switch user ) before to
> DF> > build the dependencies?
> DF> 
> DF> I don't think you can.
> DF> 
> DF> 
> DF> > Can portupgrade handle this?
> DF> 
> DF> Nope.
> 
> But it seem to handle the dependencies in the every separate 'make' command?
> I suppose it should have a tweak to do the 'make install' on the every port in
> the dependencies chain in the 'su -' parameter.
> Think I will dig it out. One day.
> But I'm pretty sure there's anyone on the list who knows this from
> portupgrade's sources.
> 

But the separate commands are started with the privileges of the
currently running portupgrade process.

And since you need to be root to use portupgrade... ;)

Port managers interact with pkgdb and such, which also require root
privileges.

You do not want to tinker with that.
This is, imho, not a correct approach to security.


> DF> > Dependencies should be installed from a root user.
> DF> And the rest of your ports too.
> 
> It's not a problem that I'm asking about.
> If I install the port I know the permissions I want for this.
> But the ports system may not know that I need the separate environment details
> for building.
> I think there should be a tweak for this, either in ports or in portupgrade,
> that's a question.
> 

I don't understand your statement, perhaps you could rephrase it.


More information about the freebsd-questions mailing list