From owner-freebsd-security@FreeBSD.ORG Mon Aug 11 13:28:43 2003
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 11A3B37B404; Mon, 11 Aug 2003 13:28:43 -0700 (PDT)
Received: from marklar.blazingdot.com (marklar.blazingdot.com [207.154.84.83]) by mx1.FreeBSD.org (Postfix) with SMTP id 39DA243F93; Mon, 11 Aug 2003 13:28:42 -0700 (PDT) (envelope-from marcus@blazingdot.com)
Received: (qmail 32206 invoked by uid 503); 11 Aug 2003 20:28:42 -0000
Date: Mon, 11 Aug 2003 13:28:42 -0700
From: Marcus Reid
To: Lowell Gilbert
Message-ID: <20030811202841.GA29452@blazingdot.com>
References: <44llu6v432.fsf@be-well.ilk.org>
In-Reply-To: <44llu6v432.fsf@be-well.ilk.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Coffee-Level: nearly-fatal
User-Agent: Mutt/1.5.4i
cc: freebsd@critesclan.com
cc: freebsd-security@freebsd.org
Subject: Re: statically compiled files left over after a 'make world'
List-Id: Security issues [members-only posting]
X-List-Received-Date: Mon, 11 Aug 2003 20:28:43 -0000

On Wed, Aug 06, 2003 at 06:00:49PM -0400, Lowell Gilbert wrote:
> writes:
>
> > I'm not sure if there is a "deal" to be made over this, but the question
> > still remains. What do you do with those programs that have not been rebuilt
> > in a buildworld? Are they security risks? Are they simply things missed in
> > the make, and someone needs to add them in?
> >
> > The impression I have is that anything not rebuilt after the above process
> > is an error condition that should be addressed. Am I wrong?
>
> With a couple of exceptions, you're right. The exceptions, however,
> are important. One is programs that weren't in the base system to
> begin with; there are again two types of these: those that have been
> mistakenly installed to base system directories (this occasionally
> happens with broken ports), and /stand, which is installed by the
> initial install but is not part of the base system (if you want an
> updated version, you have to build it separately). The other
> exception is things that *used* to be in the base system, but have
> been removed. These (an example is kernfs support) can be safely
> removed, but there is currently no mechanism to do so automatically.

It's a fairly time-consuming process, but on occasion I like to do a
'make world DESTDIR=$D' where D is an optional install root, and then
compare the resulting tree with the real root and remove any cruft that
might be lying around. AFAIK this is the only way to accomplish this.

Marcus
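The tree comparison Marcus describes, as an added example that is not part of the original thread: given the live root and the DESTDIR tree that 'make world' populated, it lists files under assumed base-system directories that the rebuild did not produce, skipping /stand for the reason Lowell gives above. The directory list and the function name find_cruft are assumptions, not anything from FreeBSD's build.

```shell
#!/bin/sh
# Added example, not from the original mailing-list post.
# find_cruft LIVE_ROOT DEST_ROOT [dir ...]
# Prints one relative path per line for every regular file or symlink under the
# listed directories of LIVE_ROOT that has no counterpart under DEST_ROOT.
# Such files were not produced by 'make world DESTDIR=$DEST_ROOT' and are
# candidates for review: stale binaries, removed features or misplaced port files.
# Usage: find_cruft / /usr/obj/newroot   (paths are assumptions)
find_cruft() {
    live=${1%/}; dest=${2%/}; shift 2
    # Default directories are an assumed set of base-system locations.
    [ $# -gt 0 ] || set -- bin sbin usr/bin usr/sbin usr/lib usr/libexec
    for d in "$@"; do
        [ -d "$live/$d" ] || continue
        find "$live/$d" \( -type f -o -type l \) | while IFS= read -r path; do
            rel=${path#"$live/"}
            # /stand comes from the installer, not buildworld, so it never
            # appears in DESTDIR and is not cruft.
            case "$rel" in stand/*) continue ;; esac
            if [ ! -e "$dest/$rel" ] && [ ! -L "$dest/$rel" ]; then
                printf '%s\n' "$rel"
            fi
        done
    done
}
```

Review each reported path before deleting it; a file absent from DESTDIR may also be a port's deliberate install rather than a leftover.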