Re: fetch extension - use local filename from content-disposition header

From: des@xxxxxx (Dag-Erling Smørgrav)
Date: Fri, 30 Dec 2005 10:11:19 +0100

Ádám Szilveszter <adamsz@xxxxxxxxxxx> writes:
> You know, there are much bigger problems than that. For example the fact,
> that any vulnerability in fetch(1) or libfetch(3) is a remote root
> compromise candidate on FreeBSD, because the Ports system still insists on
> running it as root by default downloading distfiles from unchecked amd
> potentially unsecure servers all over the Internet.

Wrong. If you go into a ports directory and type 'make install clean'
as an unprivileged user, the only parts of the build that actually run
with root privileges are the final portions of the installation
sequence.

DES
--
Dag-Erling Smørgrav - des@xxxxxx

_______________________________________________
freebsd-current@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscribe@xxxxxxxxxxx"

Follow-Ups:
- Re: fetch extension - use local filename from content-disposition header
  - From: Ádám Szilveszter
- Re: fetch extension - use local filename from content-disposition header
  - From: Matthew Seaman

References:
- fetch extension - use local filename from content-disposition header
  - From: Martin Cracauer
- Re: fetch extension - use local filename from content-disposition header
  - From: Barney Wolff
- Re: fetch extension - use local filename from content-disposition header
  - From: Sean Bryant
- Re: fetch extension - use local filename from content-disposition header
  - From: Pawel Worach
- Re: fetch extension - use local filename from content-disposition header
  - From: Martin Cracauer
- Re: fetch extension - use local filename from content-disposition header
  - From: Barney Wolff
- Re: fetch extension - use local filename from content-disposition header
  - From: Ádám Szilveszter

Prev by Date: Re: fetch extension - use local filename from content-disposition header
Next by Date: Re: fetch extension - use local filename from content-disposition header
Previous by thread: Re: fetch extension - use local filename from content-disposition header
Next by thread: Re: fetch extension - use local filename from content-disposition header
Index(es):
- Date
- Thread

Relevant Pages

Re: fetch extension - use local filename from content-disposition header
... there are much bigger problems than that. ... compromise candidate on FreeBSD, because the Ports system still insists on ... running it as root by default downloading distfiles from unchecked amd ...
(freebsd-current)
Re: Do we really need to worry about viruses
... > development company, and every one of the developers develops on ... and every one of them insists on running as root. ... worry about email viruses or click-thru vectors, ...
(Debian-User)
I need to set up a site in a root, but FP wont let me
... I need to set up a site in a root, like http://www.mysite.com but FP INSISTS ... that I use a lower level folder name, ... Larry Woods ...
(microsoft.public.frontpage.programming)
Re: root password and su (maybe)
... >> This is what sudo is for. ... If he insists on having root, ... > with a password-less sudoers file, you may as well run as root. ... much damage) and kill systems. ...
(RedHat)
Re: Grub and FreeBSD 4.9
... > make install clean ... > title FreeBSD ... > root ... Cyrille Lefevre. ...
(freebsd-hackers)