Date: Fri, 18 Jun 1999 15:45:25 -0500 (CDT) From: Joe Greco <jgreco@ns.sol.net> To: mph@astro.caltech.edu (Matthew Hunt) Cc: security@freebsd.org Subject: Re: make world clobbers (was Re: some nice advice...) Message-ID: <199906182045.PAA82206@aurora.sol.net> In-Reply-To: <19990618130426.A27577@wopr.caltech.edu> from Matthew Hunt at "Jun 18, 1999 1: 4:27 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> On Fri, Jun 18, 1999 at 02:55:22PM -0500, Joe Greco wrote: > > > secure service is a completely different issue. FreeBSD is highly nonoptimal > > for this sort of thing, as it comes with everything thrown into /usr/local > > or whereever the hell else the porter felt it should go. > > This statement is hardly fair. Ports go in $PREFIX, wherever that > may be. If something has /usr/local hardcoded, then it's a bug and > should be reported. > > The porters have no freedom in deciding whether this is the case. I've never seen that to be true; I have a whole _set_ of patches to make the Apache and Squid ports relocate into a defined prefix, because setting PREFIX=/squid make install doesn't cut it by a long shot. Now, I could give you a step-by-step through the various ports that disprove what you are trying to say, or you and I could just agree that in principle $PREFIX is a reasonable idea but it isn't well-implemented. Oh, what the heck. strings /usr/local/sbin/gated | grep '^/' /var/db/%s.pid /var/run/%s.version /etc/%s.conf I guess one could argue qpage either way; qpage puts its spool over in /var/spool/qpage and there isn't much you can configure about that. I probably wouldn't want that on a dedicated paging server. Fortunately I don't run one. The last time I looked at the INN port it was a nightmare. But I have not looked recently so I guess I won't point to it as a glaring counter- example. Neither Squid nor Apache build a usable configuration if you PREFIX elsewhere. None of this should reflect poorly on the ports people... the ports do what they are meant to and are certainly worthwhile. However, for some purposes you just can't use them. ... Joe ------------------------------------------------------------------------------- Joe Greco - Systems Administrator jgreco@ns.sol.net Solaria Public Access UNIX - Milwaukee, WI 414/342-4847 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199906182045.PAA82206>