Jeremy C. Reed wrote:

> On Sun, 23 Apr 2006, Christian Hattemer wrote:
>
> > In summary: Are there real concerns in this area, or am I just paranoid?
>
> I would not be concerned. Note that even without pkg_comp the default is
> to do the installation targets as root and we do trust/allow that.

That's not how I see it. If something doesn't need privileges I don't run it as root. Plain and simple.

I don't want to think about - and it would be a bad idea to trust one's intuition - whether there *could* be an issue. If you don't run something as root you just know that a huge amount of issues don't exist. It's not only a measure to prevent malice; a simple whitespace can cause an unintended blank filesystem instead of the intended directory removal. Ever tried "indent /netbsd" as root, by the way?

> As for me, I just manually set up a build environment and chroot and do my
> builds as non-root and installs and packaging as root.
> You could do the builds and installs and packaging as non-root too. (And I
> do that frequently on some systems.) And some packages won't build
> though.

I build only those packages I need and I cannot remember seeing any packages that failed because of building and installing as non-root. In a very few cases, packages need set-UID/GID bits somewhere, a special user etc., but that's usually obvious from the build log, the Makefile or the documentation.

Since I don't run anything from pkgsrc as root and the pkgsrc user can only write in /usr/pkgsrc and /usr/pkg (var/db/pkg is a symlink), the root account should be fairly safe from pkgsrc. The other accounts aren't, but systrace exists - at least on OpenBSD and NetBSD - it won't help you anywhere else, e.g. Linux.

--
Christian
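An added example, not part of the thread above, of the kind of guard that prevents the stray-whitespace removal Christian mentions: the function refuses to recurse-delete anything that is empty, contains whitespace, is relative, or lies outside the pkgsrc prefixes. The variable name PKG_ROOTS and the function name are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). PKG_ROOTS is an assumed name for the
# directories a pkgsrc build user is allowed to write to.
PKG_ROOTS="${PKG_ROOTS:-/usr/pkg /usr/pkgsrc}"

# safe_rm_dir DIR: remove DIR recursively only if it is one absolute path
# strictly inside one of PKG_ROOTS. Returns 0 on removal, 1 on refusal.
safe_rm_dir() {
    dir=$1
    # Empty target: "rm -rf $dir/" with an empty $dir becomes "rm -rf /".
    [ -n "$dir" ] || { echo "refusing: empty path" >&2; return 1; }
    # Whitespace: an unquoted expansion of "/usr/pkg/foo /" would be split
    # into two arguments, the second of which is the root filesystem.
    case $dir in
        *[[:space:]]*) echo "refusing: whitespace in '$dir'" >&2; return 1 ;;
    esac
    case $dir in
        /*) ;;
        *) echo "refusing: not an absolute path: $dir" >&2; return 1 ;;
    esac
    # Strip trailing slashes so "/usr/pkg/" is not mistaken for a subdirectory.
    dir=$(printf '%s' "$dir" | sed 's,/*$,,')
    inside=0
    for root in $PKG_ROOTS; do
        # The quoted part is literal; "/?*" requires at least one more component.
        case $dir in
            "$root"/?*) inside=1 ;;
        esac
    done
    [ "$inside" -eq 1 ] || { echo "refusing: $dir is outside $PKG_ROOTS" >&2; return 1; }
    rm -rf -- "$dir"
}
```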