aboutsummaryrefslogtreecommitdiffstats
path: root/x11/kdebase4
diff options
context:
space:
mode:
authorwill <will@FreeBSD.org>2001-09-04 01:48:23 +0800
committerwill <will@FreeBSD.org>2001-09-04 01:48:23 +0800
commitdc3747899497cd2af2fea9b50704c5307f7ca24c (patch)
treed1bb2094c062148b1d1dc24441c1ce9504a5dae2 /x11/kdebase4
parent0c80d6650c8e903ad7e0dec9d7e096cced45f63f (diff)
downloadfreebsd-ports-gnome-dc3747899497cd2af2fea9b50704c5307f7ca24c.tar.gz
freebsd-ports-gnome-dc3747899497cd2af2fea9b50704c5307f7ca24c.tar.zst
freebsd-ports-gnome-dc3747899497cd2af2fea9b50704c5307f7ca24c.zip
Add a message to the port/package warning users about kcheckpass's
setuid root bit, which is off by default. The purpose is to avoid having users who don't use kcheckpass become vulnerable to a root exploit. For more details see the actual pkg-message. Bump PORTREVISION to reflect this change in the package. As a side note, I'm a little wary about adding something like this so close to the ports freeze for 4.4-RELEASE. However, I decided that it was a minimal risk and went ahead with it in the hopes of avoiding the need for users to run into this "problem" themselves...
Diffstat (limited to 'x11/kdebase4')
-rw-r--r--x11/kdebase4/Makefile5
-rw-r--r--x11/kdebase4/pkg-message21
2 files changed, 25 insertions, 1 deletions
diff --git a/x11/kdebase4/Makefile b/x11/kdebase4/Makefile
index 2a4dfc2629ef..67c9baf2bc10 100644
--- a/x11/kdebase4/Makefile
+++ b/x11/kdebase4/Makefile
@@ -7,7 +7,7 @@
PORTNAME= kdebase
PORTVERSION= 2.2
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES?= x11 kde
MASTER_SITES= ${MASTER_SITE_KDE}
MASTER_SITE_SUBDIR= stable/${PORTVERSION}/src
@@ -63,4 +63,7 @@ pre-configure:
post-configure:
${PERL} -pi -e "s@444@644@g" ${WRKSRC}/kdesktop/init/Templates/Makefile
+post-install:
+ @${CAT} ${PKGMESSAGE}
+
.include <bsd.port.post.mk>
diff --git a/x11/kdebase4/pkg-message b/x11/kdebase4/pkg-message
new file mode 100644
index 000000000000..1869be60abfa
--- /dev/null
+++ b/x11/kdebase4/pkg-message
@@ -0,0 +1,21 @@
+
+************************** I M P O R T A N T ****************************
+
+This package (kdebase2) installs a program called kcheckpass which is
+used by kdm or screensavers to check the user's password. This activity
+requires it to be setuid root. However, for security reasons, FreeBSD
+leaves the setuid bit on this binary off by default, for several reasons.
+First, some people may not use screensavers or kdm at all. Second,
+others may choose to use a different screensaver or display manager
+utility. And finally, there may be holes in kcheckpass which can be
+exploited to gain root privileges. FreeBSD chooses not to take that risk
+with the default package. If you decide that you need it setuid root,
+you can make it so:
+
+ chmod u+s ${PREFIX}/bin/kcheckpass
+
+..where ${PREFIX} is the prefix where this package was installed. It is
+typically /usr/local but may also be /usr/X11R6 or /usr.
+
+************************** I M P O R T A N T ****************************
+