Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 16 Aug 2000 18:25:16 -0500 (CDT)
From:      Mike Silbersack <silby@silby.com>
To:        Kris Kennaway <kris@FreeBSD.org>
Cc:        security@freebsd.org, ports@freebsd.org
Subject:   Re: Hilighting dangerous ports
Message-ID:  <Pine.BSF.4.21.0008161822250.14500-100000@achilles.silby.com>
In-Reply-To: <Pine.BSF.4.21.0008160054520.88623-100000@freefall.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help

On Wed, 16 Aug 2000, Kris Kennaway wrote:

> What does everyone think of the attached patch to bsd.port.mk, which
> hilights potentially insecure files installed by a port at install-time?
> 
> It does a find(1) over the packing list of the port looking for
> setuid/setgid files, as well as checking for startup scripts installed in
> ${PREFIX}/etc/rc.d which usually indicates a network daemon (Thanks to
> Brian Feldman for the latter idea).
> 
> If the port includes a WWW site, the user is directed there for contact
> information so they can talk to the software developers about the security
> of the port, if they have doubts (i.e. so they don't bother us) (Thanks to
> Peter Wemm for this idea)

Any way this could be mailed to root as well, or incorporated into that
day's security log?  I find when I'm installing ports, I tend to zoom by
all the messages.  However, if the info was (in addition) mailed to me,
I'd be more likely to pay attention.

I can see the mail to root being useful on boxes with multiple admins as
well.

Mike "Silby" Silbersack




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0008161822250.14500-100000>