On 06.11.18 23:29, Nicholas Papadonis wrote:
> Do you know anything about the process to integrate new source code,
> review changes that are Mac specific, mark branches stable, build and
> release? Do particular users have privileged access to be part of this
> process?
There are no special
Do you know if there is a select group that reviews source changes to the
installer package and ports installer? This seems like a good entry point
to slip in malicious binaries as root. Therefore I'm curious if there is a
good security lock on it.
Thanks again for your help
On Tue, Nov 6,
Thanks for the quick reply.
Do you have any specific examples or facts which support these claims?
On Tue, Nov 6, 2018 at 10:27 AM Marius Schamschula
wrote:
> I can't say that I'm a security expert, but have been a system
> administrator of *NIX systems for 23 years, and do follow a number of
I appreciate the detailed description.
Do you know anything about the process to integrate new source code, review
changes that are Mac specific, mark branches stable, build and release? Do
particular users have privileged access to be part of this process?
I suspect this is an issue with any
I notice source is located at:
https://www.macports.org/ports.php?by=all
Is there any specific way for one to reconcile the binaries Macports is
installing to the source code maintained by the project? Branch, tag,
marker etc?
Thanks
On Tue, Nov 6, 2018 at 12:54 PM Ryan Schmidt
wrote:
>
>
>
On Nov 6, 2018, at 09:14, Nicholas Papadonis wrote:
> This article goes into depth on how Homebrew opens OSX to a number of
> security issues. I'm curious if a security expert could comment if similar
> vulnerabilities exist with Macports.
>
> One vulnerability is a malicious program
I can't say that I'm a security expert, but have been a system administrator of
*NIX systems for 23 years, and do follow the advice from a number of real
security experts.
You mention an obvious issue with installing binaries w/o root permission, no
matter where in the directory structure.
This article goes into depth on how Homebrew opens OSX to a number of
security issues. I'm curious if a security expert could comment if similar
vulnerabilities exist with Macports.
One vulnerability is a malicious program acquiring the administrators
password. The attack is opened up when