Subject: Re: trusting cvs & pkgsrc
To: Jan Danielsson <firstname.lastname@example.org>
From: Chuck Swiger <email@example.com>
Date: 12/15/2005 15:29:21
Jan Danielsson wrote:
[ ...You should not turn on "Read receipts" when sending mail to a mailing list,
but then, the list software should have caught and filtered out the
Disposition-notification-to header... ]
> On my NetBSD system, I have a user called "pkgsrc", with a home
> directory /home/pkgsrc which is responsible for storing pkgsrc. I don't
> find this to be optimal. I would prefer to keep pkgsrc in /usr/pkgsrc,
> and have root own it.
> The reason I have created a pkgsrc user is because I don't trust cvs.
> If it runs amok, I want to limit its possibilities to do damage.
[ ... ]
> I love the "least possible rights" philosophy, and syncing pkgsrc
> really doesn't require root privileges.
There is no reason at all to run cvs as root if you don't want to; it will work
fine checking out files as an untrusted user. On the other hand, you eventually
are going to be compiling this stuff into the kernel and setuid-root userland
applications, so if malicious code gets in there, you're going to encounter it
sooner or later anyway.
Yes, lots of people seem to find building and testing the code in a jailed