On Friday 30 December 2005 03:44 am, Ádám Szilveszter wrote: > On Pén, December 30, 2005 6:39 am, Barney Wolff wrote: > > What does the security officer have to say about that, if true? > > You know, there are much bigger problems than that. For example the fact, > that any vulnerability in fetch(1) or libfetch(3) is a remote root > compromise candidate on FreeBSD, because the Ports system still insists on > running it as root by default downloading distfiles from unchecked amd > potentially unsecure servers all over the Internet. This is the real > problem, imho. However, when I mentioned this on -security in a thread > (about trusting trust) all I got back was that it was difficult to make > sure that all ports build as normal user. Which of course does not explain > fetching as root at all, but hey. > > Regards and Happy New Year, > > Sz. I always build ports as myself and only install them as root. Every once in a while I run into a port that needs to have stuff from pre-install moved to pre-su-install, but for the most part if works just fine out of the box. -- John Baldwin <jhb_at_FreeBSD.org> <>< http://www.FreeBSD.org/~jhb/ "Power Users Use the Power to Serve" = http://www.FreeBSD.orgReceived on Fri Dec 30 2005 - 12:43:19 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:50 UTC