Date: Wed, 13 Sep 2000 11:19:08 -0500 From: Ade Lovett <ade@FreeBSD.org> To: Yukihiro Nakai <nakai@FreeBSD.org> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: ports/x11/gdm - Imported sources Message-ID: <20000913111908.T61662@FreeBSD.org> In-Reply-To: <200009131614.BAA27280@ns.tokyo.redhat.com>; from nakai@FreeBSD.org on Thu, Sep 14, 2000 at 01:07:02AM %2B0900 References: <200009131512.IAA76454@freefall.freebsd.org> <20000913101708.N61662@FreeBSD.org> <200009131614.BAA27280@ns.tokyo.redhat.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Sep 14, 2000 at 01:07:02AM +0900, Yukihiro Nakai wrote: > Sorry I didn't know it's still such a headache. > > I think many users want to use gdm even if it works only on > standalone machine so how is to set it broken and warn to users > it's very exploitable, or should I delete all until the more secure > gdm will be released ? At the bare minimum, I would suggest doing something similar to ports/x11/XFree86-4, which pops up a dialog box warning that gdm may contain vulnerabilities leading to local root compromise (I don't think it was ever remote-rootable, but I could be wrong). pkg/INSTALL contains the dialog code, and there's a few wrappers you'll need to put in the Makefile to hook it in. I think this should satisfy everybody, whilst still making the port available. Kris? Any other suggestions as SO? -aDe -- Ade Lovett, Austin, TX. ade@FreeBSD.org FreeBSD: The Power to Serve http://www.FreeBSD.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000913111908.T61662>