Subject: Re: pkgsrc fubar... how to apply a patch?
To: None <netbsd-help@netbsd.org>
From: Keith Mastin <kmastin@beechtree.ca>
List: netbsd-help
Date: 08/21/2002 11:45:21
<snip>
>You don't need to compile everything as root - pkgsrc will detect this
>when it needs to su, and do it "just in time". There have been two
>trojan attacks recently (in irssi and openssh, pkgsrc was vulnerable
>to the irssi one, but not openssh) and the exposure to this sort of
>trojan (which happens during the configure stage) is greatly reduced
>if you run as a normal user.
>
Okay... this is valuable to know. One question.. I use pam on my other
(linux) systems where I give one user and one user only access to su
root via the wheel group and pam.d/su. I didn't see pam as a security
option here except for ldap and smb. Is there a way to limit root access
to one user and only one user, or is this done by default by simply adding
the username to the wheel group?
Thanks for the tip.
--
Keith Mastin BeechTree Information Technology Services Inc.
137 Laird Drive Toronto M4G 3V5 http://www.beechtree.ca
(416)696-6070 Fax(416)696-6072 kmastin@beechtree.ca