Date: Thu, 28 Jul 2022 17:44:08 +0200
From: Baptiste Daroussin
To: niko.nastonen@icloud.com
Cc: "freebsd-pkg@freebsd.org"
Subject: Re: pkg and root privileges
Message-ID: <20220728154408.em52aqyovyvatcff@aniel.nours.eu>
List-Id: Binary package management and package tools discussion
List-Archive: https://lists.freebsd.org/archives/freebsd-pkg

On Thu, Jul 28, 2022 at 06:30:37PM +0300, niko.nastonen@icloud.com wrote:
> The thread on the forum was closed and deleted by moderators due to
> unsportsmanlike conduct of some very worried about security :-)
>
> pkg indeed needs some review in terms of usage of superuser privileges,
> in my opinion. Not only fetch, but other parts too, fetch just being
> probably the most fragile in that sense.
>
> Thanks for your attention.

I am open to any audit, and of course like for any audit there will be
bugs found.

As for usage of superuser privileges, we use the Capsicum sandbox in most
sensitive cases, like signature verification for example.

So while we are clearly not bulletproof, I don't think the situation is
dramatic at all.

Best regards,
Bapt