Re: Reflections on Trusting Trust

Board: FB_security | Author: | Posted 20 years ago (2005/12/01 02:00) | Votes: 0 (0 up, 0 down, 0 neutral)
0 comments, 0 participants, message 28/36 in this thread
On Wed, 2005-Nov-30 13:36:10 +0100, Andreas Nemeth wrote:
>On Wednesday 30 November 2005 09:55, 縴嫥 Szilveszter wrote:
>> Which practically begs the question: could we, pretty please, change the
>> defaults and stop encouraging people to download distfiles and
>> compile them when using the ports tree as *root*?
>
>Second that. But I feel a little uneasy about making /usr/ports/ group
>writeable for wheel or giving it to a "normal" user on the system.

By default, /usr/ports is used to store:
- A checked-out copy of the ports tree as stored in CVS.
- INDEX-* (this is hard-wired in the Makefile infrastructure)
- Compilation/work directories - overridable with WRKDIRPREFIX
- distfiles - overridable with DISTDIR
- packages - overridable with PACKAGES
- portupgrade's INDEX*.db - overridable with PORTS_DBDIR

Rather than making /usr/ports writable by anyone other than root (if you
don't want to), you can create alternative locations for distfiles, work
directories (and package directories) so a normal user can download and
compile ports. At one stage, editors/openoffice.org-1.1 wouldn't build if
WRKDIRPREFIX was set, but that has been fixed. I haven't run into any other
problems (though it might be interesting for the build cluster to verify
that).

Note that the only ports-related file that can't be moved out of the ports
tree is 'INDEX'. This is annoying (I'd like to be able to RO export
/usr/ports across several FreeBSD variants), but 'make index' only uses
information within the ports tree and so isn't dangerous.

>And what about the +INSTALL and +DEINSTALL scripts, some ports want to run?

I don't think any package management system has managed to avoid needing
scripts to handle some functions. This is primarily an issue if you are
installing a package, because the scripts come out of your ports tree if
you built the port. (AFAIK, no ports create these scripts on the fly).

>Those I've seen, ensure that a certain user exists. Therefore they roam
>around in /etc.

And, hence, require root privileges.

>BTW, those scripts fail (of course), if /tmp is mounted with the noexec
>option.

I think the solution to this is to set PKG_TMPDIR somewhere else.

--
Peter Jeremy
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
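The non-root build setup Peter describes, as an added example that is not part of the original thread: the overridable ports locations (WRKDIRPREFIX, DISTDIR, PACKAGES, PORTS_DBDIR) and PKG_TMPDIR are redirected to a per-user base directory; the subdirectory layout and the `ports_*` helper names are assumptions for this example.

```sh
# Added example, not from the thread: redirect every location under /usr/ports
# that the post lists as overridable (WRKDIRPREFIX, DISTDIR, PACKAGES,
# PORTS_DBDIR) plus PKG_TMPDIR to a per-user base directory, so ports can be
# fetched and built without /usr/ports being writable by that user.
# The base-directory layout (work/, distfiles/, ...) is an assumption here.

PORTS_SUBDIRS="work distfiles packages db tmp"

# Print make.conf-style assignments for the given base directory.
ports_make_conf() {
    base=$1
    printf 'WRKDIRPREFIX=%s/work\n'  "$base"
    printf 'DISTDIR=%s/distfiles\n'  "$base"
    printf 'PACKAGES=%s/packages\n'  "$base"
    printf 'PORTS_DBDIR=%s/db\n'     "$base"
    # pkg_add unpacks and runs +INSTALL/+DEINSTALL from PKG_TMPDIR;
    # pointing it away from a noexec /tmp is what the post recommends.
    printf 'PKG_TMPDIR=%s/tmp\n'     "$base"
}

# Create the directories mode 0700, so no other local user can drop a
# distfile or work tree that a later build would trust.
ports_make_dirs() {
    base=$1
    for d in $PORTS_SUBDIRS; do
        mkdir -p "$base/$d" && chmod 0700 "$base/$d" || return 1
    done
}

# Return 0 when every redirected location is writable by the current user,
# 1 otherwise (offending paths go to stderr). Run as the build user, not root.
ports_check_writable() {
    base=$1
    rc=0
    for d in $PORTS_SUBDIRS; do
        if [ ! -w "$base/$d" ]; then
            echo "not writable: $base/$d" >&2
            rc=1
        fi
    done
    return $rc
}

# Usage (as the unprivileged build user):
#   ports_make_dirs "$HOME/ports" && ports_check_writable "$HOME/ports" \
#     && ports_make_conf "$HOME/ports"
# Export the printed variables in the build user's environment, or have
# root add them to /etc/make.conf.
```

The INDEX file itself still has to live in the ports tree, as the post notes, so `make index` remains the one step that needs write access there.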
Article ID (AID): #13ZUYa00 (FB_security)