Date: Mon, 28 May 2012 15:14:20 -0500
From: Stephen Montgomery-Smith <stephen@missouri.edu>
To: Eitan Adler <lists@eitanadler.com>
Cc: ports-security@freebsd.org, Stephen Montgomery-Smith <stephen@freebsd.org>, freebsd-ports@freebsd.org
Subject: Re: math/sage security risk
Message-ID: <4FC3DC9C.4030301@missouri.edu>
In-Reply-To: <CAF6rxgk=hfTm6isiJXaBxARhtxUxXKy9zf9nHw3VhPz6os4z9g@mail.gmail.com>
References: <4FC3B293.6090701@missouri.edu> <CAF6rxgk=hfTm6isiJXaBxARhtxUxXKy9zf9nHw3VhPz6os4z9g@mail.gmail.com>

On 05/28/2012 01:38 PM, Eitan Adler wrote:
> On 28 May 2012 10:14, Stephen Montgomery-Smith<stephen@missouri.edu> wrote:
>> After my recent conversations about creating a print/texlive-install port, I
>> realize that my math/sage port might have a security risk. This only
>> happens if the user selects additional optional packages. But the optional
>> packages are downloaded post-fetch.
>>
>> I'll make some immediate band-aid changes to the port to switch this off,
>> but I'll think through the issue in the days to come.
>
> adding ports-security to cc so we could track the issue
>

I just committed instructions to the port math/sage telling users how to
add the optional packages manually, and explaining the security risk.
Please contact me if this is still a problem.