From: "Simon L. Nielsen" <simon@zaphod.nitro.dk>
To: "Eygene A. Ryabinkin"
Cc: freebsd-current@freebsd.org, Ádám Szilveszter
Date: Fri, 30 Dec 2005 11:20:44 +0100
Subject: Re: ports security (was: fetch extension - use local filename from content-disposition header)
Message-ID: <20051230102044.GB855@zaphod.nitro.dk>
In-Reply-To: <20051230091546.GL895@rea.mbslab.kiae.ru>
List-Id: Discussions about the use of FreeBSD-current

On 2005.12.30 12:15:46 +0300, Eygene A. Ryabinkin wrote:

> In principle, portupgrade and make scripts can be rearranged to be started
> as root, but to drop the privileges for the fetching and building via the
> creation of a child and the setuid() call (su will help). Was such a feature
> already discussed and is it desirable?

I don't remember seeing it discussed.

Fetching as a non-privileged user seems like a really good idea to me.

Building as non-root would be nice, but doesn't really buy you much
security-wise (and will possibly break at least some programs that make
silly assumptions about building as root).

Note that both of these features are somewhat paranoid security features,
and the risk of getting compromised by either is much smaller than getting
compromised by some other, much simpler vulnerability.

-- 
Simon L. Nielsen
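The "fork a child and setuid()" arrangement Eygene proposes, as an added example in C that is not code from this thread, from portupgrade or from the ports framework: the parent keeps root, forks, and the child permanently drops to an unprivileged uid/gid before doing the fetch step, so a malicious distfile or a compromised fetch can only touch what that account can. The account name "fetch", the check_identity stand-in for the real fetch step and all function names are assumptions made for the example.

```c
/* Added example: run the fetch step in a child that has dropped root.
 * The "fetch" account name and the check_identity task are hypothetical. */
#define _GNU_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Drop to uid/gid irreversibly. Order matters: supplementary groups first
 * (setgroups() itself needs root), then the gid, then the uid; once
 * setuid() has given root away the earlier calls could no longer succeed.
 * Returns 0 on success, -1 on any failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    int was_root = (geteuid() == 0);
    gid_t groups[1] = { gid };

    if (was_root && setgroups(1, groups) != 0)  /* only the target group remains */
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)                       /* as root this also clears the saved uid */
        return -1;

    /* Verify: every id must now be the target id ... */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    /* ... and, if we started as root, regaining it must fail. */
    if (was_root && uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Run task(arg) in a forked child that has dropped to uid/gid. Returns the
 * child's exit status (the task's return value, 0..255), 126 if the child
 * could not drop privileges, or -1 on a fork/wait error. The parent's own
 * identity is untouched. */
int run_unprivileged(uid_t uid, gid_t gid, int (*task)(void *), void *arg)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges(uid, gid) != 0)
            _exit(126);             /* never run the task with privileges left */
        _exit(task(arg) & 0xff);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

struct target { uid_t uid; gid_t gid; };

/* Stand-in for the fetch step (hypothetical): returns 0 if the child really
 * runs as the intended identity, 1 otherwise. A real port fetch would exec
 * fetch(1) here instead. */
int check_identity(void *arg)
{
    const struct target *t = arg;
    int ok = getuid() == t->uid && geteuid() == t->uid &&
             getgid() == t->gid && getegid() == t->gid;
    return ok ? 0 : 1;
}

/* Runs the child as the invoking user's own identity (works both as root
 * and unprivileged) and checks that the parent's euid is unchanged.
 * Returns 0 on success. */
int demo_run(void)
{
    struct target t = { getuid(), getgid() };
    uid_t before = geteuid();
    int rc = run_unprivileged(t.uid, t.gid, check_identity, &t);
    return (rc == 0 && geteuid() == before) ? 0 : 1;
}

int main(void)
{
    /* Assumed layout: a dedicated unprivileged account, "fetch" (hypothetical),
     * owns the distfiles directory; fall back to the invoking user so the
     * program also runs when started unprivileged. */
    struct target t = { getuid(), getgid() };
    struct passwd *pw = getpwnam("fetch");
    if (geteuid() == 0 && pw != NULL) {
        t.uid = pw->pw_uid;
        t.gid = pw->pw_gid;
    }
    int rc = run_unprivileged(t.uid, t.gid, check_identity, &t);
    printf("fetch child ran as uid %u gid %u: %s (parent still euid %u)\n",
           (unsigned)t.uid, (unsigned)t.gid, rc == 0 ? "ok" : "FAILED",
           (unsigned)geteuid());
    return rc == 0 ? 0 : 1;
}
```

The two details that matter for the defender are the call order (setgroups, setgid, setuid; the reverse order silently leaves supplementary groups or the gid in place) and the check that setuid(0) fails afterwards, which catches a drop that only changed the effective id. Wrapping the fetch in su, as the quoted message suggests, ends in the same setuid() sequence; doing it directly in the child avoids an extra shell and keeps the failure handling in one place.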