Re: Long build?

> On Nov 6, 2018, at 1:17 AM, Mojca Miklavec wrote: > > Dear Adam, > > On Tue, 6 Nov 2018 at 05:24, Adam Dershowitz wrote: >> >> I’m upgrading dvisvgm from to 2.3.4_4 to 2.6.1_0. I’m on a fairly recent >> MacBook pro, and it has been building for 13 hours! The process is “make” >> and it

Re: Long build?

As it seems so far you're the only one with the hiccup, you have to see what's happening. When it's stuck, run top to see what's eating up the clock. Activity Monitor or ps to see what's running. Possibly sample the process that's stuck .to see what it's doing. Ken > On Nov 6, 2018, at 06:31,

Re: Long build?

I’ve done that. It just shows make at 98.8% cpu. When I’ve tried to sample, I get a call chain that has a lot of ??? (in make). I tried to add a screen shot of the call chain, since activity monitor won’t allow me to copy, but the message ended up being too large. The beginning of the call ch

Re: Long build?

I also ran into this on my High Sierra machine this morning. I halted the job, restarted it in verbose mode, and it finished. > On Nov 6, 2018, at 8:49 AM, Adam Dershowitz wrote: > > I’ve done that. It just shows make at 98.8% cpu. When I’ve tried to sample, > I get a call chain that has a l

Security Issues using Homebrew or Macports, malicious binary insertion

This article goes into depth on how Homebrew opens OSX to a number of security issues. I'm curious if a security expert could comment if similar vulnerabilities exist with Macports. One vulnerability is a malicious program acquiring the administrators password. The attack is opened up when Homebre

Re: Long build?

Trying it verbose was a good suggestion. For me, it still hangs, but I did get some more info. Here are the last few lines, where it finally just hangs: /bin/sh ../libtool --tag=CXX --mode=link /usr/bin/clang++ -std=gnu++11 -Wall -Wnon-virtual-dtor -Wno-mismatched-tags -I../libs/clipper -I

Re: Security Issues using Homebrew or Macports, malicious binary insertion

I can't say that I'm a security expert, but have been a system administrator of *NIX systems for 23 years, and do follow the advice from a number of real security experts. You mention an obvious issue with installing binaries w/o root permission, no matter where in the directory structure. Ther

Re: Long build?

Interesting, what is the output of the following? $ which -a sed Cheers! Frank > On Nov 6, 2018, at 8:15 AM, Adam Dershowitz wrote: > > Trying it verbose was a good suggestion. For me, it still hangs, but I did > get some more info. Here are the last few lines, where it finally just hangs:

Re: Long build?

/usr/bin/sed --Adam > On Nov 6, 2018, at 11:49 AM, wrote: > > Interesting, what is the output of the following? > > $ which -a sed > > > Cheers! > Frank > >> On Nov 6, 2018, at 8:15 AM, Adam Dershowitz > > wrote: >> >> Trying it verbose was a good suggestion.

Re: Long build?

> On Nov 6, 2018, at 10:27 AM, Ken Cunningham > wrote: > > > >> On Nov 6, 2018, at 7:15 AM, Adam Dershowitz > > wrote: >> >> touch -r dvisvgm.txt.in dvisvgm.txt > > Hangs on a touch, it appears. > > When I’ve seen this in the past, disabling parallel building usu

Re: Security Issues using Homebrew or Macports, malicious binary insertion

On Nov 6, 2018, at 09:14, Nicholas Papadonis wrote: > This article goes into depth on how Homebrew opens OSX to a number of > security issues. I'm curious if a security expert could comment if similar > vulnerabilities exist with Macports. > > One vulnerability is a malicious program acquiri

Re: Security Issues using Homebrew or Macports, malicious binary insertion

On 2018-11-06, at 9:54 AM, Ryan Schmidt wrote: > > > MacPorts keeps track of what files each port installs and does not permit one > port to overwrite another port's files (unless the user requests this by > using the -f flag, so the user should refrain from habitually using this > flag). >

Re: Security Issues using Homebrew or Macports, malicious binary insertion

Hi, On Tue, Nov 06, 2018 at 10:14:31AM -0500, Nicholas Papadonis wrote: > This article goes into depth on how Homebrew opens OSX to a number of > security issues. I'm curious if a security expert could comment if > similar vulnerabilities exist with Macports. > > One vulnerability is a malicious

Re: Security Issues using Homebrew or Macports, malicious binary insertion

I notice source is located at: https://www.macports.org/ports.php?by=all Is there any specific way for one to reconcile the binaries Macports is installing to the source code maintained by the project? Branch, tag, marker etc? Thanks On Tue, Nov 6, 2018 at 12:54 PM Ryan Schmidt wrote: > > >

Re: Security Issues using Homebrew or Macports, malicious binary insertion

I appreciate the detailed description. Do you know anything about the process to integrate new source code, review changes that are Mac specific, mark branches stable, build and release? Do particular users have privileged access to be part of this process? I suspect this is an issue with any op

Re: Security Issues using Homebrew or Macports, malicious binary insertion

Thanks for the quick reply. Do you have any specific examples or facts which support these claims? On Tue, Nov 6, 2018 at 10:27 AM Marius Schamschula wrote: > I can't say that I'm a security expert, but have been a system > administrator of *NIX systems for 23 years, and do follow a number of r

Re: Security Issues using Homebrew or Macports, malicious binary insertion

Do you know if there is a select group that reviews source changes to the installer package and ports installer? This seems like a good entry point to slip in malicious binaries as root. Therefore I'm curious if there is a good security lock on it. Thanks again for your help On Tue, Nov 6, 2018