Date: Thu, 14 Sep 2000 12:09:49 -0500 From: Ade Lovett <ade@FreeBSD.org> To: Kris Kennaway <kris@FreeBSD.org> Cc: "Louis A. Mamakos" <louie@TransSys.COM>, security@freebsd.org Subject: Re: potential security exposure in GNOME/ORBit? Message-ID: <20000914120949.E73990@FreeBSD.org> In-Reply-To: <Pine.BSF.4.21.0009141002320.60342-100000@freefall.freebsd.org>; from kris@FreeBSD.org on Thu, Sep 14, 2000 at 10:04:51AM -0700 References: <20000914101417.A73358@FreeBSD.org> <Pine.BSF.4.21.0009141002320.60342-100000@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Sep 14, 2000 at 10:04:51AM -0700, Kris Kennaway wrote: > Hmm. Doing it this way will spam any local configuration changes someone > may make after installation when they upgrade to a new version..are there > any other settings it is likely people may want to set in the orbitrc > file? Well, I have practically every GNOME port installed on my crashbox, and at no time has anything ever been put in etc/orbitrc > What may be better is to make those settings the default policy, and then > install an orbitrc.sample showing how to override them and only remove > that file, not orbitrc. So you'd be happy with installing an orbitrc.sample, followed by a pkg/MESSAGE printout telling them to merge it with any existing orbitrc they might have, otherwise their box could be insecure? -aDe -- Ade Lovett, Austin, TX. ade@FreeBSD.org FreeBSD: The Power to Serve http://www.FreeBSD.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000914120949.E73990>