From owner-freebsd-questions@FreeBSD.ORG Fri Jul 22 09:28:32 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7F661106564A for ; Fri, 22 Jul 2011 09:28:32 +0000 (UTC) (envelope-from jmc-freebsd2@milibyte.co.uk) Received: from relay.pcl-ipout01.plus.net (relay.pcl-ipout01.plus.net [212.159.7.99]) by mx1.freebsd.org (Postfix) with ESMTP id 0F58D8FC15 for ; Fri, 22 Jul 2011 09:28:31 +0000 (UTC) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AnAGALs6KU5UXeb6/2dsb2JhbABTmDmPCXeIfAK7YYY/BIcmkE+LWQ Received: from outmx05.plus.net ([84.93.230.250]) by relay.pcl-ipout01.plus.net with ESMTP; 22 Jul 2011 09:59:31 +0100 Received: from [84.92.153.232] (helo=curlew.milibyte.co.uk) by outmx05.plus.net with esmtp (Exim) id 1QkBZy-0005SN-W6 for freebsd-questions@freebsd.org; Fri, 22 Jul 2011 09:59:31 +0100 Received: by curlew.milibyte.co.uk with local (Exim 4.76) (envelope-from ) id 1QkBZx-0000wu-M7 for freebsd-questions@freebsd.org; Fri, 22 Jul 2011 09:59:29 +0100 From: Mike Clarke To: freebsd-questions@freebsd.org Date: Fri, 22 Jul 2011 09:59:29 +0100 User-Agent: KMail/1.9.10 References: <20110721100259.GA5326@external.screwed.box> <4E28543A.5020307@my.gd> <20110721174558.GE7553@external.screwed.box> In-Reply-To: <20110721174558.GE7553@external.screwed.box> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Message-Id: <201107220959.29577.jmc-freebsd2@milibyte.co.uk> X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: jmc-freebsd2@milibyte.co.uk X-SA-Exim-Scanned: No (on curlew.milibyte.co.uk); SAEximRunCond expanded to false Subject: Re: build ports from not a root user? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Jul 2011 09:28:32 -0000 On Thursday 21 July 2011, Peter Vereshagin wrote: > As long as I saw the instructions on building from source they wre > generally all like this: > > =A0 =A0 $ cd /tarball-expanded-0.x.y > =A0 =A0 $ ./configure > =A0 =A0 $ make > =A0 =A0 $ su - > =A0 =A0 # cd /tarball-expanded-0.x.y > =A0 =A0 # make install > > That important 'su -' is omitted from the ports. And it is about the > security. But this requires /usr/ports to be writable by the non-root user and=20 creates a security risk. This cannot be overcome by limiting the=20 installation to root only because you can no longer be sure that the=20 source or installation scripts have not been tampered with by a=20 non-privileged user. =2D-=20 Mike Clarke