Date: Wed, 19 Jul 2006 13:10:18 GMT From: Gabor Kovesdan <gabor@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 101924 for review Message-ID: <200607191310.k6JDAIf1040917@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=101924 Change 101924 by gabor@gabor_spitfire on 2006/07/19 13:10:03 The security report now reports if we installed something to DESTDIR. Affected files ... .. //depot/projects/soc2006/gabor_ports/Mk/bsd.port.mk#42 edit .. //depot/projects/soc2006/gabor_ports/Tools/scripts/security-check.awk#2 edit Differences ... ==== //depot/projects/soc2006/gabor_ports/Mk/bsd.port.mk#42 (text+ko) ==== @@ -3908,7 +3908,7 @@ | ${XARGS} -0 -J % ${FIND} % -prune ! -type l -type f -print0 2> /dev/null \ | ${XARGS} -0 -n 1 ${OBJDUMP} -R 2> /dev/null > ${WRKDIR}/.PLIST.objdump; \ if \ - ! ${AWK} -v audit="$${PORTS_AUDIT}" -f ${PORTSDIR}/Tools/scripts/security-check.awk \ + ! ${AWK} -v audit="$${PORTS_AUDIT}" -v destdir="${DESTDIR}" -f ${PORTSDIR}/Tools/scripts/security-check.awk \ ${WRKDIR}/.PLIST.flattened ${WRKDIR}/.PLIST.objdump ${WRKDIR}/.PLIST.setuid ${WRKDIR}/.PLIST.writable; \ then \ www_site=$$(cd ${.CURDIR} && ${MAKE} ${__softMAKEFLAGS} www-site); \ ==== //depot/projects/soc2006/gabor_ports/Tools/scripts/security-check.awk#2 (text+ko) ==== @@ -34,10 +34,18 @@ function print_header() { if (header_printed) return; - if (audit != "") - print "===> SECURITY REPORT (PARANOID MODE): "; - else - print "===> SECURITY REPORT: "; + if (audit != "") { + if (destdir == "") + print "===> SECURITY REPORT (PARANOID MODE): "; + else + print "===> SECURITY REPORT FOR", destdir, "(PARANOID MODE): "; + } + else { + if (destdir == "") + print "===> SECURITY REPORT: "; + else + print "===> SECURITY REPORT FOR", destdir, ": "; + } header_printed = 1; } function note_for_the_stupid(file) { return (file in stupid_binaries) ? (" (USES POSSIBLY INSECURE FUNCTIONS:" stupid_binaries[file] ")") : ""; } 
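Review bot: The new `-v destdir="${DESTDIR}"` argument is expanded by make and pasted into the shell command as text, whereas the neighbouring `audit="$${PORTS_AUDIT}"` is left for the shell to expand at run time. A DESTDIR containing `"`, `$` or a backquote is therefore re-parsed by the shell instead of reaching awk intact. awk also processes backslash escapes in `-v` assignments, so such a path could be altered again before it is printed. Make-level quoting such as `-v destdir=${DESTDIR:Q}` addresses the shell part; reading the value in the script through `ENVIRON["DESTDIR"]` (if the variable is exported to the command) would avoid both. The enclosing target starts and ends outside the hunk, so any earlier validation of DESTDIR is not visible here.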
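Review bot: The comma-separated `print` arguments in the new destdir branches of print_header() are joined with OFS, so the header prints a space before the colon (for a constructed DESTDIR of /stage: `===> SECURITY REPORT FOR /stage : `). The same happens with `into", destdir, ", which"` and `into", destdir, "."` in the setuid, network-server, startup-script and world-writable hunks that follow, which print a space before the comma or period. Concatenation keeps the punctuation attached, e.g. `print "===> SECURITY REPORT FOR " destdir ": ";`. The four-way nested `if` could also be flattened by computing the optional parts once, e.g. `mode = (audit != "") ? " (PARANOID MODE)" : "";`, and printing a single line.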
@@ -46,8 +54,14 @@ for (file in setuid_binaries) { if (!note_printed) { print_header(); - print " This port has installed the following binaries which execute with"; - print " increased privileges."; + if (destdir == "") { + print " This port has installed the following binaries, which execute with"; + print " increased privileges."; + } + else { + print " This port has installed the following binaries into", destdir, ", which"; + print " execute with increased privileges."; + } note_printed = 1; } print file note_for_the_stupid(file); @@ -58,8 +72,15 @@ for (file in network_binaries) { if (!note_printed) { print_header(); - print " This port has installed the following files which may act as network"; - print " servers and may therefore pose a remote security risk to the system."; + if (destdir == "") { + print " This port has installed the following files, which may act as network"; + print " servers and may therefore pose a remote security risk to the system."; + } + else { + print " This port has installed the following files into", destdir, ", which may"; + print " act as network servers and may therefore pose a remote security risk to"; + print " the system."; + } note_printed = 1; } print file note_for_the_stupid(file); @@ -70,8 +91,14 @@ for (file in startup_scripts) { if (!note_printed) { print_header(); - print " This port has installed the following startup scripts which may cause"; + if (destdir == "") { + print " This port has installed the following startup scripts, which may cause"; print " these network services to be started at boot time."; + } + else { + print " This port has installed the following startup scripts into", destdir, ", which"; + print " may cause these network services to be started at boot time."; + } note_printed = 1; } print file; 
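Review bot: The destdir branches change only the introductory sentence, while the entries are still emitted by `print file note_for_the_stupid(file);`, so the report does not say whether the listed paths are relative to destdir or already include it. That depends on how the .PLIST input files are generated, which is outside this diff. A comment above each loop, for example `# paths are printed as listed in the .PLIST.* input; destdir is not prepended here`, would tell the reader where to find the flagged setuid or network binaries. The network-server text still says "risk to the system", which with a non-empty destdir presumably means the tree installed there rather than the running host; that wording is worth confirming. The loops begin and end outside the hunks.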
@@ -83,7 +110,10 @@ for (file in writable_files) { if (!note_printed) { print_header(); - print " This port has installed the following world-writable files/directories."; + if (destdir == "") + print " This port has installed the following world-writable files/directories."; + else + print " This port has installed the following world-writable files/directories into", destdir, "."; note_printed = 1; } print file;