On 10/21/14, Stuart Henderson <st...@openbsd.org> wrote:
> On 2014/10/21 10:58, Amit Kulkarni wrote:
>> On Tue, Oct 21, 2014 at 10:28 AM, Stuart Henderson <st...@openbsd.org>
>> > I'm fetching distfiles as my normal uid, then doing builds as pbuild.
>> > pf.conf:
>> >
>> > "block quick log proto {tcp udp} user pbuild"
>> >
>> >
>> This can be disabled by user and bypassed,
>
> If you're aware of a way in which an unprivileged user can change PF
> rules, it's probably best if you let me (or security@) know in private
> mail.

I read that comment as: the system admin may not (forgets to?) enable
such a rule. Also, the pf rule route seems a bit "clunky" and
disjointed from the ports process.

>> you can't bypass systrace during ports build. Also, it would be
>> possible to place files in FAKE /etc i.e. in places other than /usr/local?
>
> I'm confused. It's ok if the port build puts things in directories
> writable by the user doing port builds, because that user only has
> filesystem permissions to write to a limited number of places
> (mostly the build dir).

Consider a wip port, which may write files in $HOME, or worse yet,
delete files or directories from $HOME. I always felt more at ease,
knowing systrace would "slap" the hand that attempted that, whether
maliciously or erroneously.

--patrick