Date: Wed, 16 Aug 2000 18:25:16 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: Kris Kennaway <kris@FreeBSD.org> Cc: security@freebsd.org, ports@freebsd.org Subject: Re: Hilighting dangerous ports Message-ID: <Pine.BSF.4.21.0008161822250.14500-100000@achilles.silby.com> In-Reply-To: <Pine.BSF.4.21.0008160054520.88623-100000@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 16 Aug 2000, Kris Kennaway wrote:
> What does everyone think of the attached patch to bsd.port.mk, which
> hilights potentially insecure files installed by a port at install-time?
>
> It does a find(1) over the packing list of the port looking for
> setuid/setgid files, as well as checking for startup scripts installed in
> ${PREFIX}/etc/rc.d which usually indicates a network daemon (Thanks to
> Brian Feldman for the latter idea).
>
> If the port includes a WWW site, the user is directed there for contact
> information so they can talk to the software developers about the security
> of the port, if they have doubts (i.e. so they don't bother us) (Thanks to
> Peter Wemm for this idea)
Any way this could be mailed to root as well, or incorporated into that
day's security log? I find when I'm installing ports, I tend to zoom by
all the messages. However, if the info was (in addition) mailed to me,
I'd be more likely to pay attention.
I can see the mail to root being useful on boxes with multiple admins as
well.
Mike "Silby" Silbersack
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0008161822250.14500-100000>