Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)
From: f.johan.beisser (jan@caustic.org)
Date: 10/02/02
- Next message: Nick Nauwelaerts: "Re: Is FreeBSD's tar susceptible to this?"
- Previous message: Brian Behlendorf: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
- In reply to: Brian Behlendorf: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
- Next in thread: Mike Hoskins: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 1 Oct 2002 19:12:11 -0700 (PDT) From: "f.johan.beisser" <jan@caustic.org> To: Brian Behlendorf <brian@hyperreal.org>
On Tue, 1 Oct 2002, Brian Behlendorf wrote:
> So, fix the ports system then to include a step whereby someone has to
> pause the installation process to review the output of tar before allowing
> it to proceed.
if you're installing a port, i would tend to assume it's A) from the
FreeBSD ports tree, and B) checked out, and using an md5 hash (already in
the tree) that's separate/updated by the maintainer. in this case, the
port maintainer is directly responsible for the port. of course, you have
to trust your port maintainer to not be out to cause harm.
trust does have to begin somewhere, after all.
-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan@caustic.org
"John Ashcroft is really just the reanimated corpse
of J. Edgar Hoover." -- Tim Triche
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: Nick Nauwelaerts: "Re: Is FreeBSD's tar susceptible to this?"
- Previous message: Brian Behlendorf: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
- In reply to: Brian Behlendorf: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
- Next in thread: Mike Hoskins: "Re: tar/security best practice (was Re: RE: Is FreeBSD's tar susceptible to this?)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
