From owner-freebsd-security  Thu Sep 14  8:14:28 2000
Delivered-To: freebsd-security@freebsd.org
Received: from hub.lovett.com (hub.lovett.com [216.60.121.161])
	by hub.freebsd.org (Postfix) with ESMTP
	id BAA6637B50D; Thu, 14 Sep 2000 08:14:19 -0700 (PDT)
Received: from ade by hub.lovett.com with local (Exim 3.16 #1)
	id 13ZaiP-000J6E-00; Thu, 14 Sep 2000 10:14:17 -0500
Date: Thu, 14 Sep 2000 10:14:17 -0500
From: Ade Lovett <ade@FreeBSD.org>
To: Kris Kennaway <kris@FreeBSD.org>
Cc: "Louis A. Mamakos" <louie@TransSys.COM>, security@freebsd.org
Subject: Re: potential security exposure in GNOME/ORBit?
Message-ID: <20000914101417.A73358@FreeBSD.org>
References: <200009140243.e8E2hDG42233@whizzo.transsys.com> <Pine.BSF.4.21.0009132204050.48270-100000@freefall.freebsd.org>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="HlL+5n6rz5pIUxbD"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.BSF.4.21.0009132204050.48270-100000@freefall.freebsd.org>; from kris@FreeBSD.org on Wed, Sep 13, 2000 at 10:05:40PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


--HlL+5n6rz5pIUxbD
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Wed, Sep 13, 2000 at 10:05:40PM -0700, Kris Kennaway wrote:
> Unless anyone can think of compelling reasons to have network listening
> enabled, I'd prefer to have it disabled by default.

Please review the following patch.. I'll commit later today unless
I hear screams of anguish otherwise (note that there is no etc/orbitrc
installed by default, hence the initial overwriting).

-aDe

-- 
Ade Lovett, Austin, TX.			ade@FreeBSD.org
FreeBSD: The Power to Serve		http://www.FreeBSD.org/

--HlL+5n6rz5pIUxbD
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="orbit.patch"

Index: Makefile
===================================================================
RCS file: /home/src/FreeBSD/ports/devel/ORBit/Makefile,v
retrieving revision 1.34
diff -u -r1.34 Makefile
--- Makefile	2000/08/04 01:15:44	1.34
+++ Makefile	2000/09/14 15:02:59
@@ -7,6 +7,7 @@
 
 PORTNAME=	ORBit
 PORTVERSION=	0.5.3
+PORTREVISION=	1
 CATEGORIES=	devel gnome
 MASTER_SITES=	${MASTER_SITE_GNOME}
 MASTER_SITE_SUBDIR=	stable/sources/ORBit
@@ -27,5 +28,9 @@
 		LDFLAGS="-L${LOCALBASE}/lib"
 
 CONFIGURE_ARGS= --disable-indent
+
+post-install:
+	@${ECHO} "ORBIIOPIPv4=0" > ${PREFIX}/etc/orbitrc
+	@${ECHO} "ORBIIOPIPv6=0" >> ${PREFIX}/etc/orbitrc
 
 .include <bsd.port.mk>
Index: pkg/PLIST
===================================================================
RCS file: /home/src/FreeBSD/ports/devel/ORBit/pkg/PLIST,v
retrieving revision 1.10
diff -u -r1.10 PLIST
--- pkg/PLIST	2000/06/15 17:12:26	1.10
+++ pkg/PLIST	2000/09/14 15:13:58
@@ -7,6 +7,7 @@
 bin/orbit-ird
 bin/orbit-name-server
 etc/libIDLConf.sh
+etc/orbitrc
 include/IIOP/IIOP-config.h
 include/IIOP/IIOP-types.h
 include/IIOP/IIOP.h

--HlL+5n6rz5pIUxbD--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message