From dc3747899497cd2af2fea9b50704c5307f7ca24c Mon Sep 17 00:00:00 2001 From: will Date: Mon, 3 Sep 2001 17:48:23 +0000 Subject: Add a message to the port/package warning users about kcheckpass's setuid root bit, which is off by default. The purpose is to avoid having users who don't use kcheckpass become vulnerable to a root exploit. For more details see the actual pkg-message. Bump PORTREVISION to reflect this change in the package. As a side note, I'm a little wary about adding something like this so close to the ports freeze for 4.4-RELEASE. However, I decided that it was a minimal risk and went ahead with it in the hopes of avoiding the need for users to run into this "problem" themselves... --- x11/kde4-runtime/Makefile | 5 ++++- x11/kde4-runtime/pkg-message | 21 +++++++++++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 x11/kde4-runtime/pkg-message (limited to 'x11/kde4-runtime') diff --git a/x11/kde4-runtime/Makefile b/x11/kde4-runtime/Makefile index 2a4dfc2629e..67c9baf2bc1 100644 --- a/x11/kde4-runtime/Makefile +++ b/x11/kde4-runtime/Makefile @@ -7,7 +7,7 @@ PORTNAME= kdebase PORTVERSION= 2.2 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES?= x11 kde MASTER_SITES= ${MASTER_SITE_KDE} MASTER_SITE_SUBDIR= stable/${PORTVERSION}/src @@ -63,4 +63,7 @@ pre-configure: post-configure: ${PERL} -pi -e "s@444@644@g" ${WRKSRC}/kdesktop/init/Templates/Makefile +post-install: + @${CAT} ${PKGMESSAGE} + .include diff --git a/x11/kde4-runtime/pkg-message b/x11/kde4-runtime/pkg-message new file mode 100644 index 00000000000..1869be60abf --- /dev/null +++ b/x11/kde4-runtime/pkg-message 
@@ -0,0 +1,21 @@ + +************************** I M P O R T A N T **************************** + +This package (kdebase2) installs a program called kcheckpass which is +used by kdm or screensavers to check the user's password. This activity +requires it to be setuid root. However, for security reasons, FreeBSD +leaves the setuid bit on this binary off by default, for several reasons. +First, some people may not use screensavers or kdm at all. Second, +others may choose to use a different screensaver or display manager +utility. And finally, there may be holes in kcheckpass which can be +exploited to gain root privileges. FreeBSD chooses not to take that risk +with the default package. If you decide that you need it setuid root, +you can make it so: + + chmod u+s ${PREFIX}/bin/kcheckpass + +..where ${PREFIX} is the prefix where this package was installed. It is +typically /usr/local but may also be /usr/X11R6 or /usr. + +************************** I M P O R T A N T **************************** + -- cgit
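Review bot: In the post-install target added to x11/kde4-runtime/Makefile, `@${CAT} ${PKGMESSAGE}` prints the file verbatim, so the user is shown the literal text `chmod u+s ${PREFIX}/bin/kcheckpass` and has to work out the prefix themselves. Pasted into a shell where PREFIX is unset, that command resolves to /bin/kcheckpass. Consider substituting the real ${PREFIX} value when the message is printed, so the command names the installed binary. The closing paragraph explaining ${PREFIX} could then be dropped.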
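Review bot: In the new pkg-message, the sentence "However, for security reasons, FreeBSD leaves the setuid bit on this binary off by default, for several reasons." gives its justification twice, and "setuid bit on this binary off" is easy to misread. Something like "FreeBSD installs this binary without the setuid bit, for several reasons." reads more cleanly. The text also says password checking requires setuid root but never states what a kdm or screensaver user will observe while the bit is off, which is the detail that would let them connect a failed password check to this notice. It would also help to say whether a reinstall or upgrade of the package clears the bit again, since the default is off. Minor: "..where" has two leading dots.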