On Friday 30 December 2005 04:36 am, Matthew Seaman wrote:
> Dag-Erling Smørgrav wrote:
> > Ádám Szilveszter <adamsz_at_mailpont.hu> writes:
> > > You know, there are much bigger problems than that. For example the fact,
> > > that any vulnerability in fetch(1) or libfetch(3) is a remote root
> > > compromise candidate on FreeBSD, because the Ports system still insists
> > > on running it as root by default downloading distfiles from unchecked
> > > and potentially unsecure servers all over the Internet.
> >
> > Wrong. If you go into a ports directory and type 'make install clean'
> > as an unprivileged user, the only parts of the build that actually run
> > with root privileges are the final portions of the installation
> > sequence.
>
> Not if you, as a naive user, take a freshly installed system and an
> unmodified environment. You'll need to make a bunch of changes
> before everything will run smoothly:
>
> * Make /usr/ports/distfiles writable by user or set $DISTDIR to
>   a writable directory

Yeah, I have a src:src user group that I make own /usr/src and /usr/ports and
make them group writable. I have the chown/chmod in a script I run to run cvs
update on /usr/src and /usr/ports even. I just stick myself in the src group
and then I can build ports as myself and let it use su for the install and
config steps.

> * Make /var/db/ports writable by user or set $PORT_DBDIR to a
>   writable location

No, updating that is done via root as su, so you don't have to do this.

--
John Baldwin <jhb_at_FreeBSD.org> <>< http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve" = http://www.FreeBSD.org

Received on Fri Dec 30 2005 - 13:04:28 UTC
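
The group-writable tree described in the reply above, as an added example that is not the poster's own script: a POSIX sh sketch that hands a tree to a build group and then audits it, so fetching and building can run unprivileged. The function names, the setgid bit and the removal of world-write are assumptions of this example; only the src group and the /usr/src and /usr/ports paths come from the message.

```sh
#!/bin/sh
# Added example, not the script mentioned in the message.
# Function names are hypothetical; "src", /usr/src and /usr/ports
# are the names used in the message.

# prepare_tree DIR GROUP
# Give GROUP write access to DIR so distfiles can be fetched and ports
# built by a group member; only the install step then needs su.
prepare_tree() {
    dir=$1
    group=$2
    chgrp -R "$group" "$dir" || return 1
    # Group-writable, never world-writable (assumption of this example).
    chmod -R g+w,o-w "$dir" || return 1
    # setgid on directories so files created later keep the group.
    find "$dir" -type d -exec chmod g+s {} + || return 1
}

# audit_tree DIR GROUP
# Print every entry that would break an unprivileged build (wrong group,
# not group-writable) or that anyone on the system can modify.
# Returns 0 when the tree is clean, 1 otherwise.
audit_tree() {
    dir=$1
    group=$2
    bad=$(find "$dir" ! -type l \
        \( ! -group "$group" -o ! -perm -020 -o -perm -002 \) -print)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Typical use as root, after creating the group and adding yourself to it:
#   prepare_tree /usr/ports src && audit_tree /usr/ports src
#   prepare_tree /usr/src   src && audit_tree /usr/src   src
```

Running audit_tree after each cvs update catches files that came in with the wrong group or mode before a build trips over them.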