Date:      Fri, 30 Dec 2005 13:35:11 +0300
From:      "Eygene A. Ryabinkin" <freebsd@rea.mbslab.kiae.ru>
To:        "Simon L. Nielsen" <simon@FreeBSD.org>
Cc:        Ádám Szilveszter <adamsz@mailpont.hu>, freebsd-current@freebsd.org, "Eygene A. Ryabinkin" <freebsd@rea.mbslab.kiae.ru>
Subject:   Re: ports security (was: fetch extension - use local filename from content-disposition header)
Message-ID:  <20051230103511.GA998@rea.mbslab.kiae.ru>
In-Reply-To: <20051230102044.GB855@zaphod.nitro.dk>
References:  <20051229193328.A13367@cons.org> <20051230021602.GA9026@pit.databus.com> <43B498DF.4050204@cyberwang.net> <43B49B22.7040307@gmail.com> <20051229220403.A16743@cons.org> <20051230053906.GA75942@pit.databus.com> <2440.193.68.33.1.1135932286.squirrel@193.68.33.1> <20051230091546.GL895@rea.mbslab.kiae.ru> <20051230102044.GB855@zaphod.nitro.dk>

> I don't remember seeing it discussed.  Fetching as a non-privileged
> user seems like a really good idea to me.  Building as non-root would
> be nice, but doesn't really buy you much security-wise (and will
> possibly break at least some programs that make silly assumptions
> about building as root).
 OK, I'll try to play with the build system and portupgrade to add such
functionality. I do not promise that it will be done quickly, but someday
it will.

> 
> Note that both of these features are somewhat paranoid security
> features, and the risk of getting compromised by either is much
> smaller than getting compromised by some other much more simple
> vulnerability.
 Sure. As with much in the security field, this is paranoid.

 Happy New Year!
-- 
 rea

BOFH excuse #147:
Party-bug in the Aloha protocol


