Date: Wed, 16 Aug 2000 18:25:16 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: Kris Kennaway <kris@FreeBSD.org> Cc: security@freebsd.org, ports@freebsd.org Subject: Re: Hilighting dangerous ports Message-ID: <Pine.BSF.4.21.0008161822250.14500-100000@achilles.silby.com> In-Reply-To: <Pine.BSF.4.21.0008160054520.88623-100000@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 16 Aug 2000, Kris Kennaway wrote: > What does everyone think of the attached patch to bsd.port.mk, which > hilights potentially insecure files installed by a port at install-time? > > It does a find(1) over the packing list of the port looking for > setuid/setgid files, as well as checking for startup scripts installed in > ${PREFIX}/etc/rc.d which usually indicates a network daemon (Thanks to > Brian Feldman for the latter idea). > > If the port includes a WWW site, the user is directed there for contact > information so they can talk to the software developers about the security > of the port, if they have doubts (i.e. so they don't bother us) (Thanks to > Peter Wemm for this idea) Any way this could be mailed to root as well, or incorporated into that day's security log? I find when I'm installing ports, I tend to zoom by all the messages. However, if the info was (in addition) mailed to me, I'd be more likely to pay attention. I can see the mail to root being useful on boxes with multiple admins as well. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0008161822250.14500-100000>