aboutsummaryrefslogtreecommitdiffstats
path: root/games
diff options
context:
space:
mode:
authorkris <kris@FreeBSD.org>2001-01-29 08:22:10 +0800
committerkris <kris@FreeBSD.org>2001-01-29 08:22:10 +0800
commit17b82a6a8c4836e310a3f6fcaed91fefb3535979 (patch)
treec952c6da0b652edd5734fa6cd92e56cad4705036 /games
parent37f96bfba615780e1dce40988d7cd2cfeead74a3 (diff)
downloadfreebsd-ports-gnome-17b82a6a8c4836e310a3f6fcaed91fefb3535979.tar.gz
freebsd-ports-gnome-17b82a6a8c4836e310a3f6fcaed91fefb3535979.tar.zst
freebsd-ports-gnome-17b82a6a8c4836e310a3f6fcaed91fefb3535979.zip
Add a security warning about the many local buffer overflows in this
software, qualified by the fact that it's setgid games and therefore not dangerous to the system. Many of these buffer overflows aren't classic smashed stacks, but I bet at least one is exploitable :-)
Diffstat (limited to 'games')
-rw-r--r--games/dopewars/Makefile6
-rw-r--r--games/dopewars/pkg-install9
2 files changed, 15 insertions, 0 deletions
diff --git a/games/dopewars/Makefile b/games/dopewars/Makefile
index 0c651c4b0fef..b102e6f0c36b 100644
--- a/games/dopewars/Makefile
+++ b/games/dopewars/Makefile
@@ -7,6 +7,7 @@
PORTNAME= dopewars
PORTVERSION= 1.4.8
+PORTREVISION= 1
CATEGORIES= games
MASTER_SITES= http://bellatrix.pcl.ox.ac.uk/~ben/dopewars/
@@ -15,6 +16,11 @@ MAINTAINER= jim@FreeBSD.org
USE_GMAKE= yes
GNU_CONFIGURE= yes
+pre-fetch:
+.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
+ ${SH} pkg-install
+.endif
+
post-install:
@${ECHO} "===> Documentation is installed in ${PREFIX}/share/doc/dopewars"
@${ECHO} "===> Run 'dopewars -h' for usage options."
diff --git a/games/dopewars/pkg-install b/games/dopewars/pkg-install
new file mode 100644
index 000000000000..47b307353295
--- /dev/null
+++ b/games/dopewars/pkg-install
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+if [ "$2" = "POST-INSTALL" -o -n "${PACKAGE_BUILDING}" ]; then
+ exit 0
+fi
+
+/usr/bin/dialog --yesno "SECURITY NOTE: This software contains known locally-exploitable buffer overflows. However since the binaries in question are setgid to the games group, the impact of this vulnerability is believed to be limited to the ability for local users to overwrite score files, saved games, and certain other game data for this and other installed game packages. The wider system security is not believed to be compromised by this problem. Do you wish to install the software anyway?" 12 70 || /usr/bin/false
+
+