From owner-freebsd-security Thu Aug 17 9:25:48 2000
Message-ID: <399C11B1.B69DCDED@FreeBSD.org>
Date: Thu, 17 Aug 2000 19:24:17 +0300
From: Maxim Sobolev
Organization: Vega International Capital
To: Kris Kennaway
Cc: Sheldon Hearn, security@FreeBSD.org, ports@FreeBSD.org
Subject: Re: Hilighting dangerous ports

Kris Kennaway wrote:

> On Wed, 16 Aug 2000, Sheldon Hearn wrote:
>
> > > What does everyone think of the attached patch to bsd.port.mk, which
> > > highlights potentially insecure files installed by a port at install-time?
> >
> > I like the idea. It would be even more of an improvement over the
> > status quo if a solution for packages could be found. Many folks use
> > packages only and many more use packages mostly. :-)
>
> In principle it's a straightforward thing, since pkg_add also has the
> PLIST available - it's just slightly more difficult to write the
> equivalent in C than as a shell script.

Good idea. A few notes, though:

1. There should be a way to disable the security notification, so the user
   will have a chance to shoot himself in the foot if he wants to.
2. You don't necessarily have to modify pkg_add to check the security of the
   package being installed. IMHO it is much easier to add appropriate logic
   into bsd.port.mk, which would display security warnings *and* append a
   copy to MESSAGE, so the user will see it during package install.

Just my 2 cents.

-Maxim
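A sketch of the two points above as a shell helper of the kind a port makefile target could call; it is an added example, not part of the original message and not the bsd.port.mk patch under discussion. Assumptions: "potentially insecure" is narrowed to setuid/setgid files, the PLIST is simplified to relative paths plus `@` directives, and the knob name `DISABLE_SECURITY_CHECK` and the warning wording are hypothetical.

```shell
#!/bin/sh
# Added illustration; not the patch discussed in the thread.
# Assumption: only setuid/setgid files count as "potentially insecure".

# security_report PREFIX PLIST
# Prints one line per setuid/setgid regular file named in PLIST.
security_report() {
    prefix=$1
    plist=$2
    while IFS= read -r entry || [ -n "$entry" ]; do
        case $entry in
            ''|@*) continue ;;      # skip blank lines and @directives
        esac
        f=$prefix/$entry
        [ -f "$f" ] || continue     # listed but not installed: ignore
        if [ -u "$f" ]; then echo "setuid: $f"; fi
        if [ -g "$f" ]; then echo "setgid: $f"; fi
    done < "$plist"
}

# security_check PREFIX PLIST MESSAGE
# Shows the warnings at install time and appends the same text to
# MESSAGE, so a package built from the port displays it as well.
# DISABLE_SECURITY_CHECK (hypothetical name) turns the check off.
security_check() {
    if [ -n "${DISABLE_SECURITY_CHECK:-}" ]; then
        return 0
    fi
    report=$(security_report "$1" "$2")
    [ -n "$report" ] || return 0    # nothing found: leave MESSAGE alone
    {
        echo "===> SECURITY NOTE:"
        echo "     This port has installed the following files that may"
        echo "     need attention:"
        echo "$report" | sed 's/^/       /'
    } | tee -a "$3"
}
```

Because the text is appended to MESSAGE at port build time, pkg_add needs no change: it already displays MESSAGE when the package is installed.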