Date:      Thu, 22 Nov 2001 22:07:42 +0100
From:      "Anthony Atkielski" <anthony@freebie.atkielski.com>
To:        "Gary W. Swearingen" <swear@blarg.net>
Cc:        "FreeBSD Questions" <freebsd-questions@FreeBSD.ORG>, <freebsd-security@FreeBSD.ORG>
Subject:   Re: setuid on nethack?
Message-ID:  <03a801c17399$ba011c30$0a00000a@atkielski.com>
References:  <014201c17336$40653f90$0a00000a@atkielski.com><20011122112415.B855@straylight.oblivion.bg><016001c17338$37d65240$0a00000a@atkielski.com><20011122114813.C855@straylight.oblivion.bg><016601c1733d$7a516b00$0a00000a@atkielski.com> <g2vgg2v7vn.gg2@localhost.localdomain>

Alas!  This does not make me feel warm and fuzzy!  It's a good thing I'm not
installing this at a bank.

----- Original Message -----
From: "Gary W. Swearingen" <swear@blarg.net>
To: "Anthony Atkielski" <anthony@freebie.atkielski.com>
Cc: "FreeBSD Questions" <freebsd-questions@FreeBSD.ORG>;
<freebsd-security@FreeBSD.ORG>
Sent: Thursday, November 22, 2001 22:00
Subject: Re: setuid on nethack?


> "Anthony Atkielski" <anthony@freebie.atkielski.com> writes:
>
> > When I add ports and stuff to my system, sometimes they are picked up from some
> > bizarre FTP sites, and in cases where the executables do not have to be trusted,
> > some guidelines on how better to secure them would be welcome.  I know that
> > often they are being rebuilt from source before installation, but it isn't
> > really practical to read through the source for every port just to look for
> > suspicious code.
>
> I've also worried about this sort of thing since learning the ports
> system last winter.  There's a lot of downloading and running of scripts
> as root going on and it's scary, especially after you've spent many days
> trying to improve your security.  A few more observations on the subject:
>
> The main defense seems to be the fear of being tracked down by hackers
> more skillful than most crackers, aided by the use of MD5 to verify that
> you're installing the same thing that someone else has already installed
> and found (with meager testing, sadly, but necessarily) to work OK.
>
> I've read of little vandalware on FreeBSD (or Linux).  The risk seems
> acceptable for most people, at least those who do backups.  There also
> might not be any less risky practical alternatives for many.
>
> If one learns the details of the ports system, one can do all or most of
> the ports stuff as a regular user, downloading, building, and installing
> to non-standard, non-root-protected directories.  Someone posted some
> clues about this on -questions (or -stable?) within the last couple of
> weeks, but I can't find my copy of it.
>

