Re: fetch extension - use local filename from content-disposition header
- From: Matthew Seaman <m.seaman@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 30 Dec 2005 09:36:50 +0000
Dag-Erling Smørgrav wrote:
Ádám Szilveszter <adamsz@xxxxxxxxxxx> writes:
You know, there are much bigger problems than that. For example the fact,
that any vulnerability in fetch(1) or libfetch(3) is a remote root
compromise candidate on FreeBSD, because the Ports system still insists on
running it as root by default downloading distfiles from unchecked amd
potentially unsecure servers all over the Internet.
Wrong. If you go into a ports directory and type 'make install clean' as an unprivileged user, the only parts of the build that actually run with root privileges are the final portions of the installation sequence.
Not if you, as a naive user, take a freshly installed system and an unmodified environment. You'll need to make a bunch of changes before everything will run smoothly:
* Make /usr/ports/distfiles writable by user or set $DISTDIR to
a writable directory
* Make /var/db/ports writable by user or set $PORT_DBDIR to a writable location
* Make each port directory writable -- so the the 'work' directories
can be created -- or set $WRKDIRPREFIX to a writable location.
And in fact, if you go on to do the same deal with $PKG_DBDIR and $PREFIX plus set $INSTALL_AS_USER then you can install most ports entirely as a mortal user -- the exceptions being ports that want to run mtree(8) or that need to install programs with specific UID or GIDs.
Not setting $INSTALL_AS_USER means you'll be prompted to supply the root password where needed at install time.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PWAttachment:
signature.asc
Description: OpenPGP digital signature
- Follow-Ups:
- Re: fetch extension - use local filename from content-disposition header
- From: John Baldwin
- Re: fetch extension - use local filename from content-disposition header
- From: Simon L. Nielsen
- Re: fetch extension - use local filename from content-disposition header
- From: Andrea Campi
- Re: fetch extension - use local filename from content-disposition header
- References:
- fetch extension - use local filename from content-disposition header
- From: Martin Cracauer
- Re: fetch extension - use local filename from content-disposition header
- From: Barney Wolff
- Re: fetch extension - use local filename from content-disposition header
- From: Sean Bryant
- Re: fetch extension - use local filename from content-disposition header
- From: Pawel Worach
- Re: fetch extension - use local filename from content-disposition header
- From: Martin Cracauer
- Re: fetch extension - use local filename from content-disposition header
- From: Barney Wolff
- Re: fetch extension - use local filename from content-disposition header
- From: Ádám Szilveszter
- Re: fetch extension - use local filename from content-disposition header
- From: Dag-Erling Smørgrav
- fetch extension - use local filename from content-disposition header
- Prev by Date: [head tinderbox] failure on i386/i386
- Next by Date: Re: fetch extension - use local filename from content-disposition header
- Previous by thread: Re: fetch extension - use local filename from content-disposition header
- Next by thread: Re: fetch extension - use local filename from content-disposition header
- Index(es):
Relevant Pages
|
|
