From owner-cvs-all Wed Sep 13 9:19:18 2000 Delivered-To: cvs-all@freebsd.org Received: from hub.lovett.com (hub.lovett.com [216.60.121.161]) by hub.freebsd.org (Postfix) with ESMTP id 6CF9037B43C; Wed, 13 Sep 2000 09:19:11 -0700 (PDT) Received: from ade by hub.lovett.com with local (Exim 3.16 #1) id 13ZFFc-000HZL-00; Wed, 13 Sep 2000 11:19:08 -0500 Date: Wed, 13 Sep 2000 11:19:08 -0500 From: Ade Lovett To: Yukihiro Nakai Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: ports/x11/gdm - Imported sources Message-ID: <20000913111908.T61662@FreeBSD.org> References: <200009131512.IAA76454@freefall.freebsd.org> <20000913101708.N61662@FreeBSD.org> <200009131614.BAA27280@ns.tokyo.redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200009131614.BAA27280@ns.tokyo.redhat.com>; from nakai@FreeBSD.org on Thu, Sep 14, 2000 at 01:07:02AM +0900 Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thu, Sep 14, 2000 at 01:07:02AM +0900, Yukihiro Nakai wrote: > Sorry I didn't know it's still such a headache. > > I think many users want to use gdm even if it works only on > standalone machine so how is to set it broken and warn to users > it's very exploitable, or should I delete all until the more secure > gdm will be released ? At the bare minimum, I would suggest doing something similar to ports/x11/XFree86-4, which pops up a dialog box warning that gdm may contain vulnerabilities leading to local root compromise (I don't think it was ever remote-rootable, but I could be wrong). pkg/INSTALL contains the dialog code, and there's a few wrappers you'll need to put in the Makefile to hook it in. I think this should satisfy everybody, whilst still making the port available. Kris? Any other suggestions as SO? -aDe -- Ade Lovett, Austin, TX. ade@FreeBSD.org FreeBSD: The Power to Serve http://www.FreeBSD.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message