From owner-freebsd-security  Thu Jun  3 20:49:50 1999
Delivered-To: freebsd-security@freebsd.org
Received: from host07.rwsystems.net (kasie.rwsystems.net [209.197.192.103])
	by hub.freebsd.org (Postfix) with ESMTP id 3D06014D91
	for <freebsd-security@freebsd.org>; Thu,  3 Jun 1999 20:49:46 -0700 (PDT)
	(envelope-from jwyatt@RWSystems.net)
Received: from kasie.rwsystems.net([209.197.192.103]) (2007 bytes) by host07.rwsystems.net
	via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp
	(sender: <jwyatt@RWSystems.net>) 
	id <m10pkkF-000bxhC@host07.rwsystems.net>
	for <freebsd-security@freebsd.org>; Thu, 3 Jun 1999 22:34:11 -0500 (CDT)
	(Smail-3.2.0.104 1998-Nov-20 #1 built 1998-Dec-24)
Date: Thu, 3 Jun 1999 22:34:04 -0500 (CDT)
From: James Wyatt <jwyatt@RWSystems.net>
To: Matthew Hunt <mph@astro.caltech.edu>
Cc: Unknow User <kernel@tdnet.com.br>,
	Bill Fumerola <billf@jade.chc-chimes.com>,
	freebsd-security@freebsd.org
Subject: Re: SSH2 (in FreeBSD-Questions)
In-Reply-To: <19990603104521.I58665@wopr.caltech.edu>
Message-ID: <Pine.BSF.4.05.9906032228570.24168-100000@kasie.rwsystems.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 3 Jun 1999, Matthew Hunt wrote:
> On Thu, Jun 03, 1999 at 02:40:01PM +0000, Unknow User wrote:
> > The problem is that we never now what SUID, port will install!
> > It happens that other has the same "false sense of security" i have:
> 
> You smoke crack.

Just another crack expert on this list... 8()

> How do you know what SUID binaries any software will install?  You
> read the source!  You can do exactly the same for the Ports Collection.
> It's all plain English (or at least plain Makefile) for your perusal.

I usually read the Makefile, rather than the source. I also keep a 'tee'
of the output from the various make phases. When you install something
that is SUID, you will usually hear about it in your nightly mail, another
really nice feature of FreeBSD. I can't count how many times I've seen the
mail from customer firewalls and been able to remotely diagnose duplicate
client IP addresses from the ARP jumps...

> I think you need to learn how the Ports Collection works before you
> condemn it.  You clearly do not understand it all.

The ports collection just flat rocks! It's the only thing better than
packages. I frequently use the ports to take the first whack at something
before I port it to AIX or Linux. My FreeBSD laptop is a good porting
tool - Jy@



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message