Date: Fri, 4 Jun 1999 08:19:08 -0700 (PDT) From: Roger Marquis <marquis@roble.com> To: security@FreeBSD.ORG Subject: Re: SSH2 (in FreeBSD-Questions) Message-ID: <Pine.GSO.3.96.990604081850.5931F-100000@roble2.roble.com>
next in thread | raw e-mail | index | archive | help
>The problem is that we never now what SUID, port will install! Not only "what SUID" but "where" as well. Ports may be one the best things about FreeBSD but there's still _plenty_ of room for improvement. One thing ports don't do well is install themselves in predictable locations. Instead you'll find them installing files in /usr/local/etc, /usr/local/bin, /usr/local/sbin, /usr/local/libexec, /var, etc. When I install ssh2 I want it all under /usr/local/ssh. This alone is a good reason to use ports sparingly (after reviewing the patches). This might not seem like a big deal on end-user or non-production systems but it can be a real headache in larger environments where configuration control is important. The only other OS I know of that spreads applications so thinly across the OS is MS Windows. It also effectively prevents FreeBSD from being able to share /usr/local via NFS, as most large installations do. Solaris is the example FreeBSD should be following in this area. /usr/ports/Makefile would be a good place to enforce some predictability, and ideally prompt for things like port_root. Another thing ports don't do is tell you where they install files. "make -n install" or "make -n real-install" rarely yields any useful information. Even the post-install info in /var/db/pkg lacks detail, especially when compared with Solaris' /var/sadm. The FreeBSD operating system is a model of good development. Revision control, code review and well thought out policies make it so. Why is it ports don't receive the same attention to detail? -- Roger Marquis Roble Systems Consulting http://www.roble.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.3.96.990604081850.5931F-100000>