On Mon, Nov 12, 2007 at 10:24:19AM -0800, Garrett Cooper wrote:
> Greg Minshall wrote:
>> i'd add my two cents for being able to do builds without running as root.
>
> Building as non-root user and then installing as root has its caveats I
> would think..
>
> Pro:
> - Compiling as a non-root user and then installing as root reduces the
> security risk of a possible exploit in the portmaster / base system
> infrastructure.

I myself am not hoping that not compiling as root will save my system from being cracked by Mr. Malicious, and I would not advise anyone to believe in such illusions. Think about it, make install is still vulnerable :)

Compiling ports as non-root simply follows from the principle of least authority. I hope it will save me from bugs in some makefile or configure script touching files on my system it should not be touching. I could do it with portupgrade, it never hurt, now I can do it with portmaster, too.

> Con:
> - People with sufficient permissions (possibly caused by bad umask
> settings) but without root access, can modify the binaries / recompile
> files to suit their needs prior to them being installed as root

Indeed. Of course, on a multiuser system you should take proper precautions before using portmaster with -S.

I'd like to stress again that the patch does not stop anyone from simply running portmaster entirely as root if desired. It's just like the -s switch portupgrade has had for ages. I wonder if there was a similar discussion about that switch when it was first introduced...

-- 
stefan
http://stsp.name
PGP Key: 0xF59D25F0