Dag-Erling Smřrgrav wrote: > Ádám Szilveszter <adamsz_at_mailpont.hu> writes: > >>You know, there are much bigger problems than that. For example the fact, >>that any vulnerability in fetch(1) or libfetch(3) is a remote root >>compromise candidate on FreeBSD, because the Ports system still insists on >>running it as root by default downloading distfiles from unchecked amd >>potentially unsecure servers all over the Internet. > Wrong. If you go into a ports directory and type 'make install clean' > as an unprivileged user, the only parts of the build that actually run > with root privileges are the final portions of the installation > sequence. Not if you, as a naive user, take a freshly installed system and an unmodified environment. You'll need to make a bunch of changes before everything will run smoothly: * Make /usr/ports/distfiles writable by user or set $DISTDIR to a writable directory * Make /var/db/ports writable by user or set $PORT_DBDIR to a writable location * Make each port directory writable -- so the the 'work' directories can be created -- or set $WRKDIRPREFIX to a writable location. And in fact, if you go on to do the same deal with $PKG_DBDIR and $PREFIX plus set $INSTALL_AS_USER then you can install most ports entirely as a mortal user -- the exceptions being ports that want to run mtree(8) or that need to install programs with specific UID or GIDs. Not setting $INSTALL_AS_USER means you'll be prompted to supply the root password where needed at install time. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:50 UTC