> > On 2026/05/14 09:03, Janne Johansson wrote: > > > If you start a ports build as root, it will drop privs to the _pfetch > > > and _pbuild user for the respective steps, where the _pbuild user is > > > disallowed to talk network if you use default pf rules. > > > > That's not correct. > > Ports in general is *not* setup to be started as root. > > Sorry, my bad. I was thinking of dpb, which of course can be used to build not-just-all-ports but also single ports. The manpage for that goes: ... When dpb is run as root, it uses a privilege drop model instead of the dangerous privilege elevation model of doas(1). When run as root, by default, _pbuild is used as the build and log user, and _pfetch is used as the fetch user. -- May the most significant bit of your life be positive.
No comments:
Post a Comment