On 2014/10/21 10:58, Amit Kulkarni wrote:
> On Tue, Oct 21, 2014 at 10:28 AM, Stuart Henderson <st...@openbsd.org>
> > I'm fetching distfiles as my normal uid, then doing builds as pbuild.
> > pf.conf:
> >
> > "block quick log proto {tcp udp} user pbuild"
> >
>
> This can be disabled by user and bypassed,

If you're aware of a way in which an unprivileged user can change PF rules,
it's probably best if you let me (or security@) know in private mail.

> you can't bypass systrace during ports build. Also, it would be
> possible to place files in FAKE /etc i.e in places other than /usr/local?

I'm confused. It's ok if the port build puts things in directories writable
by the user doing port builds, because that user only has filesystem
permissions to write to a limited number of places (mostly the build dir).