Date: Mon, 7 Oct 2013 13:52:05 +0100 (BST)
From: Anton Shterenlikht <mexas@bris.ac.uk>
To: bsam@passap.ru, freebsd-ports@freebsd.org, m.seaman@infracaninophile.co.uk, mexas@bris.ac.uk
Subject: Re: Explain staging
Message-ID: <201310071252.r97Cq51N051621@mech-cluster241.men.bris.ac.uk>
In-Reply-To: <5252A04F.1060906@passap.ru>
>From bsam@passap.ru Mon Oct 7 13:36:53 2013
>
>07.10.2013 13:23, Anton Shterenlikht wrote:
>
>> What about "make fetch"? It puts files by default under
>> ports/distfiles, which, by default, is 755:
>[...]
>> What about "make extract"? Same problem:
>
>I use svn repo owned by a user for ages. When a root rights are needed,
>the ports infrastructure asks for the password.

I've read a few books on unix security. The typical advice is to assume the user passwords are compromised. If I build and install from a ports tree owned by a user, I increase the chances of compromising the system, if an attacker changes some files in the ports tree, i.e. the URL in the Makefile and the checksum in distinfo. I'll then have to add this worry to my already long list.

Anton
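
The concern in the message above is that an account other than root can change a port's Makefile and distinfo before root builds from them; one way to check a tree for that condition before a build is sketched here. This is an added example, not part of the original message or of the ports infrastructure; the function names and the trusted-UID parameter are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper names).
# Usage after sourcing:  ports_tree_is_trusted /path/to/ports [trusted_uid]

# audit_ports_tree TREE [TRUSTED_UID]
# Print every path under TREE that someone other than TRUSTED_UID (default 0,
# root) could modify: entries owned by another UID, or entries that are
# group- or world-writable. Directories count too, because write access to a
# directory is enough to replace the Makefile or distinfo inside it.
# Symlinks are excluded from the mode test only (their mode bits carry no
# meaning); their ownership is still checked.
audit_ports_tree() {
    tree=$1
    trusted_uid=${2:-0}
    if [ ! -d "$tree" ]; then
        echo "not a directory: $tree" >&2
        return 2
    fi
    find "$tree" \( ! -uid "$trusted_uid" \
        -o \( ! -type l \( -perm -020 -o -perm -002 \) \) \) -print
}

# ports_tree_is_trusted TREE [TRUSTED_UID]
# Exit status 0 when nothing is flagged, 1 when findings were printed,
# 2 when TREE could not be examined.
ports_tree_is_trusted() {
    findings=$(audit_ports_tree "$@") || return 2
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

Group-writable entries are flagged even when the group is a trusted one, so findings of that kind need a look at the group's membership rather than an automatic fix.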