Date: Mon, 7 Oct 2013 15:36:08 +0200 From: Daniel Nebdal <dnebdal@gmail.com> To: mexas@bris.ac.uk Cc: Boris Samorodov <bsam@passap.ru>, Ports FreeBSD <freebsd-ports@freebsd.org> Subject: Re: Explain staging Message-ID: <CA%2Bt49PKZ-s6HHakWu6BiZFBRX_Hy27uxKQ%2BJuneA8YizbGNO%2Bw@mail.gmail.com> In-Reply-To: <201310071252.r97Cq51N051621@mech-cluster241.men.bris.ac.uk> References: <5252A04F.1060906@passap.ru> <201310071252.r97Cq51N051621@mech-cluster241.men.bris.ac.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Oct 7, 2013 at 2:52 PM, Anton Shterenlikht <mexas@bris.ac.uk> wrote= : > >From bsam@passap.ru Mon Oct 7 13:36:53 2013 >> >>07.10.2013 13:23, Anton Shterenlikht =D0=C9=DB=C5=D4: >> >>> What about "make fetch"? It puts files by default under >>> ports/distfiles, which, by default, is 755: >>[...] >>> What about "make extract"? Same problem: >> >>I use svn repo owned by a user for ages. When a root rights are needed, >>the ports infrastructure asks for the password. > > I've read a few books on unix security. > The typical advice is to assume the user > passwords are compromised. > If I build and install from a ports tree > owned by a user, I increase the chances of > comromising the system, if an attacker > changes some files in the ports tree, > i.e. the URL in the Makefile and the checksum > in distinfo. I'll then have to add this worry > to my already long list. > > Anton > If that happens to an account used by an admin, don't you have larger worri= es? Let's say : * You have an account with no special privileges, that you typically log in with. * That account has a ports tree * You typically install ports by compiling them as this user, then installing them with root privileges. If you use sudo, and you haven't used targetpw or something to make it ask for a different password, and you haven't set any strong limits on it, anyone that got your password would also be able to use sudo to do whatever they wanted more directly. So let's assume you're not doing that. An attacker with your password could meddle with your .profile or .cshrc or whatever, and replace your shell with a lookalike that logged all input. From there, they could get hold of whatever commands and passwords you use to install software, and reuse that to install whatever they want directly. If what you use is sudo, somehow restricted to only run make install, and only within that ports tree ... again, what would keep an attacker from just modifying any random port on the fly, installing it there and then, and then reverting the changes to reduce the risk of detection? It just seems like leaving a timebomb in the form of a modified ports directory would be a fairly inefficient thing to do if they'd already gotten that far., and it would run the risk of being overwritten and/or detected next time you updated your ports tree. Of course, if you set the ports tree a+w (or, heaven forbid, 0777), you'd be asking for trouble ... but that's not new. Then again, I might have overlooked something. :) --=20 Daniel Nebdal
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2Bt49PKZ-s6HHakWu6BiZFBRX_Hy27uxKQ%2BJuneA8YizbGNO%2Bw>