Date: Fri, 22 Jul 2011 09:59:29 +0100 From: Mike Clarke <jmc-freebsd2@milibyte.co.uk> To: freebsd-questions@freebsd.org Subject: Re: build ports from not a root user? Message-ID: <201107220959.29577.jmc-freebsd2@milibyte.co.uk> In-Reply-To: <20110721174558.GE7553@external.screwed.box> References: <20110721100259.GA5326@external.screwed.box> <4E28543A.5020307@my.gd> <20110721174558.GE7553@external.screwed.box>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thursday 21 July 2011, Peter Vereshagin wrote: > As long as I saw the instructions on building from source they wre > generally all like this: > > =A0 =A0 $ cd /tarball-expanded-0.x.y > =A0 =A0 $ ./configure > =A0 =A0 $ make > =A0 =A0 $ su - > =A0 =A0 # cd /tarball-expanded-0.x.y > =A0 =A0 # make install > > That important 'su -' is omitted from the ports. And it is about the > security. But this requires /usr/ports to be writable by the non-root user and=20 creates a security risk. This cannot be overcome by limiting the=20 installation to root only because you can no longer be sure that the=20 source or installation scripts have not been tampered with by a=20 non-privileged user. =2D-=20 Mike Clarke
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201107220959.29577.jmc-freebsd2>