Re: Reflections on Trusting Trust
--huq684BweRXVnRxX
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Wed, Nov 30, 2005 at 09:55:24AM +0100, ?d?m Szilveszter wrote:
> On Sze, November 30, 2005 12:43 am, Colin Percival mondta:
> > Even before you get to that point, you have to worry about making sure
> > that the build clients are secure. One possibility which worries me a
> > great deal is that a trojan in the build code for a low-profile port
> > (e.g., misc/my-port-which-nobody-else-uses) could allow an attacker to
> > gain control of a build client (and then insert trojans into packages
> > which are built there).
>=20
> Which practically begs the question: could we, pretty please, change the
> defaults and stop encouraging people from downloading distfiles and
> compiling them when using the ports tree as *root*? (shudder) There is
> exactly zero reason for this that I can think of apart from some "well
> it's more convenient that way" arguments.
And of course that some ports don't build as non-root :-)
If you're willing to fix them (there may be a lot), I could schedule a
full port build done as non-root so you can start work.
Kris
--huq684BweRXVnRxX
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)
iD8DBQFDjWq3Wry0BWjoQKURArmKAJ4isEMkIoaUSw6WYzcbuvqMLHnk9gCfVUpQ
5btEz+JfJJjKTSmhbTqnStU=
=QoQw
-----END PGP SIGNATURE-----
--huq684BweRXVnRxX--
討論串 (同標題文章)
完整討論串 (本文為第 20 之 36 篇):