On Tue, Oct 21, 2014 at 12:18 PM, patrick keshishian <[email protected]>
wrote:

> On 10/21/14, Stuart Henderson <[email protected]> wrote:
> > On 2014/10/21 10:58, Amit Kulkarni wrote:
> >> On Tue, Oct 21, 2014 at 10:28 AM, Stuart Henderson <[email protected]>
> >> > I'm fetching distfiles as my normal uid, then doing builds as pbuild.
> >> > pf.conf:
> >> >
> >> > "block quick log proto {tcp udp} user pbuild"
> >> >
> >> >
> >> This can be disabled by user and bypassed,
> >
> > If you're aware of a way in which an unprivileged user can change PF
> > rules, it's probably best if you let me (or security@) know in private
> > mail.
>
> I read that comment as: the system admin may not
> (forgets to?) enable such a rule. Also, the pf rule route
> seems a bit "clunky" and disjointed from the ports process.
>


Somebody might disable the default PF rules and overwrite them with their own,
and forget about it. If it isn't caught by anybody else, the port might get
committed. In that case, it will be caught in a bulk build by someone.
Generally, people don't touch systrace enable/disable, but they usually
fiddle with PF rules. But yes, this is immaterial. Patrick got the drift of
this, sorry for not explaining clearly in the initial email.


>
> >> you can't bypass systrace during ports build. Also, it would be
> >> possible to place files in FAKE /etc, i.e. in places other than
> >> /usr/local?
> >
> > I'm confused. It's ok if the port build puts things in directories
> > writable by the user doing port builds, because that user only has
> > filesystem permissions to write to a limited number of places
> > (mostly the build dir).
>
> Consider a wip port, which may write files in $HOME, or
> worse yet, delete files or directories from $HOME.
>
> I always felt more at ease, knowing systrace would "slap"
> the hand that attempted that, whether maliciously or
> erroneously.
>
> --patrick
>

+1

I am asking if a user can create /etc/sysctl.conf in a port, that port
overwrites the real /etc/sysctl.conf because a port has superuser
privileges during install. If systrace is not there to catch it, would it
get installed? Or as Patrick says in another email: what about add/delete
in $HOME? Systrace protects us here. Is there any way to solve this problem
and the arbitrary net download problem during port building?
