author | will <will@FreeBSD.org> | 2001-09-04 01:48:23 +0800 |
---|---|---|
committer | will <will@FreeBSD.org> | 2001-09-04 01:48:23 +0800 |
commit | dc3747899497cd2af2fea9b50704c5307f7ca24c (patch) | |
tree | d1bb2094c062148b1d1dc24441c1ce9504a5dae2 /x11/kdebase4 | |
parent | 0c80d6650c8e903ad7e0dec9d7e096cced45f63f (diff) | |
Add a message to the port/package warning users about kcheckpass's
setuid root bit, which is off by default. The purpose is to avoid
having users who don't use kcheckpass become vulnerable to a root
exploit. For more details see the actual pkg-message. Bump PORTREVISION
to reflect this change in the package.
As a side note, I'm a little wary about adding something like this so
close to the ports freeze for 4.4-RELEASE. However, I decided that it
was a minimal risk and went ahead with it in the hopes of avoiding the
need for users to run into this "problem" themselves...
Diffstat (limited to 'x11/kdebase4')
-rw-r--r-- | x11/kdebase4/Makefile | 5 | ||||
-rw-r--r-- | x11/kdebase4/pkg-message | 21 |
2 files changed, 25 insertions, 1 deletions
diff --git a/x11/kdebase4/Makefile b/x11/kdebase4/Makefile index 2a4dfc2629ef..67c9baf2bc10 100644 --- a/x11/kdebase4/Makefile +++ b/x11/kdebase4/Makefile @@ -7,7 +7,7 @@ PORTNAME= kdebase PORTVERSION= 2.2 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES?= x11 kde MASTER_SITES= ${MASTER_SITE_KDE} MASTER_SITE_SUBDIR= stable/${PORTVERSION}/src @@ -63,4 +63,7 @@ pre-configure: post-configure: ${PERL} -pi -e "s@444@644@g" ${WRKSRC}/kdesktop/init/Templates/Makefile +post-install: + @${CAT} ${PKGMESSAGE} + .include <bsd.port.post.mk> diff --git a/x11/kdebase4/pkg-message b/x11/kdebase4/pkg-message new file mode 100644 index 000000000000..1869be60abfa --- /dev/null +++ b/x11/kdebase4/pkg-message @@ -0,0 +1,21 @@ + +************************** I M P O R T A N T **************************** + +This package (kdebase2) installs a program called kcheckpass which is +used by kdm or screensavers to check the user's password. This activity +requires it to be setuid root. However, for security reasons, FreeBSD +leaves the setuid bit on this binary off by default, for several reasons. +First, some people may not use screensavers or kdm at all. Second, +others may choose to use a different screensaver or display manager +utility. And finally, there may be holes in kcheckpass which can be +exploited to gain root privileges. FreeBSD chooses not to take that risk +with the default package. If you decide that you need it setuid root, +you can make it so: + + chmod u+s ${PREFIX}/bin/kcheckpass + +..where ${PREFIX} is the prefix where this package was installed. It is +typically /usr/local but may also be /usr/X11R6 or /usr. + +************************** I M P O R T A N T **************************** + |
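Review bot: In the Makefile hunk at @@ -63,4 +63,7, the new post-install line `@${CAT} ${PKGMESSAGE}` prints the file verbatim, so the chmod line reaches the user with a literal `${PREFIX}` instead of the prefix this install actually used. Consider running the message through a substitution of the real PREFIX at that point, so the command shown is correct for the machine it is printed on. Separately, the commit message says the setuid bit is off by default, but nothing in the visible Makefile lines clears or checks the mode of kcheckpass; if that happens elsewhere, a comment beside post-install saying where would make the guarantee reviewable.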
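Review bot: In the new pkg-message, the sentence "for security reasons, FreeBSD leaves the setuid bit on this binary off by default, for several reasons" says the same thing twice; drop one of the two phrases. The text also never states what a user will observe while the bit is off (it only says the password check "requires it to be setuid root"), so a line describing the symptom in kdm or the screensaver would help users connect a failed password check to this notice. Finally, the only remedy offered is `chmod u+s ${PREFIX}/bin/kcheckpass`; since the message itself names possible holes in kcheckpass as a reason for the default, it would be worth adding that users who do not need kdm or a KDE screensaver should leave the bit off.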