Re: setuid on nethack?

From: Anthony Atkielski (anthony@freebie.atkielski.com)
Date: 11/22/01

• Next message: Juan Mauricio Camayo: "Re: Help on directories"
• Previous message: Gary W. Swearingen: "Re: setuid on nethack?"
• In reply to: Gary W. Swearingen: "Re: setuid on nethack?"
• Next in thread: Kris Kennaway: "Re: setuid on nethack?"
• Reply: Kris Kennaway: "Re: setuid on nethack?"
• Reply: Bill Fumerola: "Re: setuid on nethack?"
• Reply: Brian T.Schellenberger: "Re: setuid on nethack?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Anthony Atkielski" <anthony@freebie.atkielski.com>
To: "Gary W. Swearingen" <swear@blarg.net>
Date: Thu, 22 Nov 2001 22:07:42 +0100

Alas! This does not make me feel warm and fuzzy! It's a good thing I'm not
installing this at a bank.

----- Original Message -----
From: "Gary W. Swearingen" <swear@blarg.net>
To: "Anthony Atkielski" <anthony@freebie.atkielski.com>
Cc: "FreeBSD Questions" <freebsd-questions@FreeBSD.ORG>;
<freebsd-security@FreeBSD.ORG>
Sent: Thursday, November 22, 2001 22:00
Subject: Re: setuid on nethack?

> "Anthony Atkielski" <anthony@freebie.atkielski.com> writes:
>
> > When I add ports and stuff to my system, sometimes they are picked up from
some
> > bizarre FTP sites, and in cases where the executables do not have to be
trusted,
> > some guidelines on how better to secure them would be welcome. I know that
> > often they are being rebuilt from source before installation, but it isn't
> > really practical to read through the source for every port just to look for
> > suspicious code.
>
> I've also worried about this sort of thing since learning the ports
> system last winter. There's a lot of downloading and running of scripts
> as root going on and it's scary, especially after you've spent many days
> tring to improve your security. A few more observations on the subject:
>
> The main defense seems to be the fear of being tracked down by hackers
> more skillful than most crackers, aided by the use of MD5 to verify that
> you're installing the same thing that someone else has already installed
> and found (with meager testing, sadly, but necessarily) to work OK.
>
> I've read of little vandalware on FreeBSD (or Linux). The risk seems
> acceptable for most people, at least those who do backups. There also
> might not be any less risky practical alternatives for many.
>
> If one learns the details of the ports system, one can do all or most of
> the ports stuff as a regular user, downloading, building, and installing
> to non-standard, non-root-protected directories. Someone posted some
> clues about this on -questions (or -stable?) withing the last couple of
> weeks, but I can't find my copy of it.
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

---

• Next message: Juan Mauricio Camayo: "Re: Help on directories"
• Previous message: Gary W. Swearingen: "Re: setuid on nethack?"
• In reply to: Gary W. Swearingen: "Re: setuid on nethack?"
• Next in thread: Kris Kennaway: "Re: setuid on nethack?"
• Reply: Kris Kennaway: "Re: setuid on nethack?"
• Reply: Bill Fumerola: "Re: setuid on nethack?"
• Reply: Brian T.Schellenberger: "Re: setuid on nethack?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > FreeBSD-Security  > 2001-11