Date: Thu, 31 Aug 2006 18:15:18 +0400 From: "Andrew Pantyukhin" <infofarmer@FreeBSD.org> To: "FreeBSD Ports" <ports@freebsd.org>, secteam@freebsd.org, portmgr@freebsd.org Subject: World-writable files installed by ports Message-ID: <cb5206420608310715y7f9718e2j8736237f7943fad@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Under no circumstances should a port install world-writable files or directories. In most cases this opens the system to all kinds of attacks. A simple grep brings the following list of makefiles to attention. I imagine that samba ports are somehow justified, as for the other ones, I hope secteam and committers will do something about them. chinese/muni/Makefile chinese/tatter-tools/Makefile chinese/xemacs/Makefile devel/plan9port/Makefile editors/emacs19/Makefile emulators/linux-geepee32/Makefile finance/myphpmoney/Makefile french/facturier/Makefile ftp/ftpq/Makefile games/flightgear-aircrafts/Makefile games/mirrormagic/Makefile games/rocksndiamonds/Makefile games/xdeblock/Makefile games/xjumpx/Makefile games/xsokoban/Makefile games/zangband/Makefile japanese/dvi2dvi/Makefile japanese/plan/Makefile japanese/samba/Makefile japanese/zangband/Makefile korean/hanemacs/Makefile net-im/kpopup/Makefile net/dimes/Makefile net/samba/Makefile net/samba3/Makefile www/chpasswd/Makefile www/eaccelerator/Makefile www/phpmyfaq/Makefile www/ssserver/Makefile Thanks!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cb5206420608310715y7f9718e2j8736237f7943fad>