On 10/21/14, Stuart Henderson <st...@openbsd.org> wrote:
> On 2014/10/21 10:58, Amit Kulkarni wrote:
>> On Tue, Oct 21, 2014 at 10:28 AM, Stuart Henderson <st...@openbsd.org>
>> > I'm fetching distfiles as my normal uid, then doing builds as pbuild.
>> > pf.conf:
>> >
>> > "block quick log proto {tcp udp} user pbuild"
>> >
>> >
>> This can be disabled by user and bypassed,
>
> If you're aware of a way in which an unprivileged user can change PF
> rules, it's probably best if you let me (or security@) know in private
> mail.

I read that comment as: the system admin may not
(forgets to?) enable such a rule. Also, the pf rule route
seems a bit "clunky" and disjointed from the ports process.

>> you can't bypass systrace during ports build. Also, it would be
>> possible to place files in FAKE /etc, i.e. in places other than /usr/local?
>
> I'm confused. It's ok if the port build puts things in directories
> writable by the user doing port builds, because that user only has
> filesystem permissions to write to a limited number of places
> (mostly the build dir).

Consider a wip port, which may write files in $HOME, or
worse yet, delete files or directories from $HOME.

I always felt more at ease, knowing systrace would "slap"
the hand that attempted that, whether maliciously or
erroneously.

--patrick
