Date: Fri, 30 Dec 2005 12:56:48 +0100 (CET)
From: Ádám Szilveszter <adamsz@mailpont.hu>
To: freebsd-current@freebsd.org
Subject: Re: ports security (was: fetch extension - use local filename from content-disposition header)
Message-ID: <1979.193.68.33.1.1135943808.squirrel@193.68.33.1>
In-Reply-To: <20051230102044.GB855@zaphod.nitro.dk>
References: <20051229193328.A13367@cons.org> <20051230021602.GA9026@pit.databus.com> <43B498DF.4050204@cyberwang.net> <43B49B22.7040307@gmail.com> <20051229220403.A16743@cons.org> <20051230053906.GA75942@pit.databus.com> <2440.193.68.33.1.1135932286.squirrel@193.68.33.1> <20051230091546.GL895@rea.mbslab.kiae.ru> <20051230102044.GB855@zaphod.nitro.dk>

On Fri, December 30, 2005 11:20 am, Simon L. Nielsen wrote:

> I don't remember seeing it discussed. Fetching as a non-privileged
> user seems like a really good idea to me. Building as non-root would
> be nice, but doesn't really buy you much security wise

I would be interested to hear why you think this. (I am aware of the problems at install stage)

> (and will
> possibly break at least some programs that make silly assumptions
> about build as root).

Yes, although we do not know how many programs are affected by this in reality. E.g. Gentoo, AFAIK, does not build as root.

> Note that both of these features are somewhat paranoid security
> features, and the risk of getting compromised by either is much
> smaller than getting compromised by some other much more simple
> vulnerability.

I think that running fetch as root is really an unnecessary risk to the system for the same reason as running a web browser or reading mail as root is. For some, this risk is bearable. But it is not security best practice by any stretch.

Regards
Sz.