
List:       listar-dev
Subject:    [EDev] Re: FreeBSD port suggestion
From:       David Terrell <dbt () meat ! net>
Date:       2002-02-07 19:07:54


On Thu, Feb 07, 2002 at 12:16:53PM -0500, Momma Bear Trish wrote:
> 
> On Thu, 7 Feb 2002, Jim Trigg wrote:
> 
> >
> > On Thu, Feb 07, 2002 at 12:40:21AM -0500, Trish Lynch wrote:
> > >
> > > On Wed, 6 Feb 2002, Jim Trigg wrote:
> > >
> > > > Interesting points.  The dedicated server I rent was set up such that
> > > > /usr/ports is writable only by root; that's why I build as root.  After
> > > > reading your suggestions I think I'll change it to be writable by group
> > > > (wheel) and then build as a staff member with umask 077.
> > >
> > > having it u+g ecartis/ecartis shouldn't be that hard, it's a simple patch
> > > to the Makefile. Remember, I tend to build from CVS normally, not the
> > > port, I keep two directories, one for ecartis development which contains
> > > the CVS tree and another directory for the FreeBSD port. The second is the
> > > ecartis homedir which I use to build and install from.
> > >
> > > The problem with this approach means that some of the post-build stuff,
> > > like the addition of the user and group 'ecartis' has to be done
> > > pre-build, which isn't that difficult anyway.
> >
> > FYI, the other packages that produce set?id executables appear to do it
> > during install rather than build; ecartis is the only one that has
> > set?id executables in the /usr/ports tree.
> >
> 
> nod, that's because the ecartis Makefile does this. And it should make it
> setuid/setgid ecartis/ecartis rather than root.

I really don't think it should be setuid at all.  The build tree
can often be very different from what developers may assume, and
mistakes like this can be very harmful to the (perceived) security
of ecartis.

Just my 2c :)

-- 
David Terrell            | "My question is, if a mime types, isn't 
dbt@meat.net             |  that kinda cheating?"
http://wwn.nebcorp.com/  |    - Jason Zych
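
Added example, not part of the original message or of the ecartis code: a small audit that lists set-id executables left in a build tree such as /usr/ports, so an administrator can confirm that set-id bits are applied only at install time. The function names are hypothetical.

```shell
#!/bin/sh
# Hypothetical helper names; /usr/ports is the tree named in the thread.

# Print every regular file under DIR that has the setuid or setgid bit set.
# "-perm -4000" / "-perm -2000" are the POSIX forms, so this works with both
# FreeBSD and GNU find.
find_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Audit a build tree. Exit status: 0 = clean, 1 = set-id files found,
# 2 = DIR is not a directory. Findings are listed with mode, owner and group
# so a root-owned set-id file stands out.
audit_build_tree() {
    [ -d "$1" ] || return 2
    hits=$(find_setid "$1") || true   # unreadable subdirs still print to stderr
    [ -n "$hits" ] || return 0
    printf '%s\n' "$hits" | while IFS= read -r f; do
        ls -ld -- "$f"
    done
    return 1
}

# Usage: sh audit.sh /usr/ports
if [ "$#" -gt 0 ]; then
    audit_build_tree "$1"
fi
```

A non-zero exit status makes the check usable as a gate in a build or packaging script.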
