Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 22 Jul 2011 09:59:29 +0100
From:      Mike Clarke <jmc-freebsd2@milibyte.co.uk>
To:        freebsd-questions@freebsd.org
Subject:   Re: build ports from not a root user?
Message-ID:  <201107220959.29577.jmc-freebsd2@milibyte.co.uk>
In-Reply-To: <20110721174558.GE7553@external.screwed.box>
References:  <20110721100259.GA5326@external.screwed.box> <4E28543A.5020307@my.gd> <20110721174558.GE7553@external.screwed.box>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Thursday 21 July 2011, Peter Vereshagin wrote:

> As long as I saw the instructions on building from source they wre
> generally all like this:
>
> =A0 =A0 $ cd /tarball-expanded-0.x.y
> =A0 =A0 $ ./configure
> =A0 =A0 $ make
> =A0 =A0 $ su -
> =A0 =A0 # cd /tarball-expanded-0.x.y
> =A0 =A0 # make install
>
> That important 'su -' is omitted from the ports. And it is about the
> security.

But this requires /usr/ports to be writable by the non-root user and=20
creates a security risk. This cannot be overcome by limiting the=20
installation to root only because you can no longer be sure that the=20
source or installation scripts have not been tampered with by a=20
non-privileged user.

=2D-=20
Mike Clarke



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?201107220959.29577.jmc-freebsd2>