Reflections on Trusting Trust
Kris Kennaway
kris at obsecurity.org
Wed Nov 30 09:02:55 GMT 2005
On Wed, Nov 30, 2005 at 09:55:24AM +0100, ?d?m Szilveszter wrote:
> On Sze, November 30, 2005 12:43 am, Colin Percival mondta:
> > Even before you get to that point, you have to worry about making sure
> > that the build clients are secure. One possibility which worries me a
> > great deal is that a trojan in the build code for a low-profile port
> > (e.g., misc/my-port-which-nobody-else-uses) could allow an attacker to
> > gain control of a build client (and then insert trojans into packages
> > which are built there).
>
> Which practically begs the question: could we, pretty please, change the
> defaults and stop encouraging people from downloading distfiles and
> compiling them when using the ports tree as *root*? (shudder) There is
> exactly zero reason for this that I can think of apart from some "well
> it's more convenient that way" arguments.
And of course that some ports don't build as non-root :-)
If you're willing to fix them (there may be a lot), I could schedule a
full port build done as non-root so you can start work.
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20051130/2aa05af3/attachment.bin
More information about the freebsd-security
mailing list