Re: fetch extension - use local filename from content-disposition header
- From: Matthew Seaman <m.seaman@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 30 Dec 2005 12:47:51 +0000
Simon L. Nielsen wrote:
On 2005.12.30 09:36:50 +0000, Matthew Seaman wrote:
Dag-Erling Smørgrav wrote:
Wrong. If you go into a ports directory and type 'make install clean' as an unprivileged user, the only parts of the build that actually run with root privileges are the final portions of the installation sequence.
Not if you, as a naive user, take a freshly installed system and an unmodified environment. You'll need to make a bunch of changes before everything will run smoothly:
* Make /usr/ports/distfiles writable by user or set $DISTDIR to a writable directory
* Make /var/db/ports writable by user or set $PORT_DBDIR to a writable location
* Make each port directory writable -- so the 'work' directories can be created -- or set $WRKDIRPREFIX to a writable location.
It should of course be mentioned that by doing this you have now made it possible for "user" to gain root privileges. This might not be a problem in many cases, but people should be aware of it.
'user' would have to know the root password already in order to be
able to install stuff. Is this scheme better or worse than having
root do all the fetching and compiling?
I guess making the ports directories writable is the big no-no here. That means for instance, an ill-intentioned person could spoof you into installing software with a backdoor in it, seeing as they could download a trojanned distfile and also tweak the checksums in the port distinfo. Although I suppose being able to inject arbitrary code into make(1) by fiddling with the files under /var/db/ports is pretty bad too.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
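A defender-side check for the risk raised in this message, as an added example that is not part of the original post or of the ports system: it lists anything under the ports tree or the options database that is not owned by a trusted uid, or that is group- or world-writable. The function names, the default paths /usr/ports and /var/db/ports, and the trusted uid 0 are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed defaults: ports tree in
# /usr/ports, options database in /var/db/ports, trusted owner uid 0.

# audit_tree DIR [TRUSTED_UID]
# Prints every file or directory under DIR that is not owned by TRUSTED_UID
# or that is group- or world-writable. Symlinks are skipped because their
# own mode bits carry no meaning.
# Returns 0 if clean, 1 if anything was reported, 2 if DIR does not exist.
audit_tree() {
    dir=$1
    owner=${2:-0}
    [ -d "$dir" ] || { echo "skip: $dir is not a directory" >&2; return 2; }
    findings=$(find "$dir" ! -type l \
        \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# audit_ports [PORTSDIR] [PORT_DBDIR] [TRUSTED_UID]
# Audits both locations named in the message: the port directories (which
# hold distinfo checksums) and the options database read by make(1).
# A missing directory is reported on stderr but does not count as a finding.
audit_ports() {
    rc=0
    for d in "${1:-/usr/ports}" "${2:-/var/db/ports}"; do
        audit_tree "$d" "${3:-0}" || [ $? -ne 1 ] || rc=1
    done
    return $rc
}
```

Run `audit_ports` with no arguments on a default layout, or pass the values of $PORTSDIR and $PORT_DBDIR if they have been relocated.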