parts of ports

[Matthew Seaman]

On Wed, Sep 01, 2004 at 11:21:25PM +0200, messmate wrote:
> On Wed, 01 Sep 2004 23:54:10 +0900
> Luke Kearney <lukek at meibin.net> wrote:
> 
> >
> >On Wed, 01 Sep 2004 16:55:35 +0200
> >"B.Hansson" <bernt at bah.homeip.net> spake thus:
> >> messmate skrev:

> >> > is there a way to install only parts of the ports tree to set 
> >> > them up ? The ports tree takes 237M up :(

> >> Yes. tar -zxvf ports.tar.gz path/to/port/you/want/to/install

> >> That's how I did it. See to it that you have Mk, Templates and such 
> >> directorys in your /usr/ports dir.

> Why is it so insecure have the ports installed ?
> When downloading (cvs) i presume ?

In general it's not particularly insecure to have the ports tree, or
bits of it, installed.  However the OP was talking about building a
highly secure firewall type system.  The idea is to avoid giving an
attacker a really handy way of installing any extra software they
might want.  Not that is makes a huge amount of difference, as when an
attacker has achieved that degree of control over the machine,
basically all is already lost. Presumably they'll just upload whatever
packages they want.

In the end, it's a matter of personal preference and the availability
of disk space whether you install the ports or not.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040902/86fe188c/attachment.bin