From owner-p4-projects@FreeBSD.ORG Wed Jul 19 13:10:22 2006
Date: Wed, 19 Jul 2006 13:10:18 GMT
Message-Id: <200607191310.k6JDAIf1040917@repoman.freebsd.org>
From: Gabor Kovesdan To: Perforce Change Reviews Cc: Subject: PERFORCE change 101924 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Jul 2006 13:10:23 -0000 http://perforce.freebsd.org/chv.cgi?CH=101924 Change 101924 by gabor@gabor_spitfire on 2006/07/19 13:10:03 The security report now reports if we installed something to DESTDIR. Affected files ... .. //depot/projects/soc2006/gabor_ports/Mk/bsd.port.mk#42 edit .. //depot/projects/soc2006/gabor_ports/Tools/scripts/security-check.awk#2 edit Differences ... ==== //depot/projects/soc2006/gabor_ports/Mk/bsd.port.mk#42 (text+ko) ==== @@ -3908,7 +3908,7 @@ | ${XARGS} -0 -J % ${FIND} % -prune ! -type l -type f -print0 2> /dev/null \ | ${XARGS} -0 -n 1 ${OBJDUMP} -R 2> /dev/null > ${WRKDIR}/.PLIST.objdump; \ if \ - ! ${AWK} -v audit="$${PORTS_AUDIT}" -f ${PORTSDIR}/Tools/scripts/security-check.awk \ + ! ${AWK} -v audit="$${PORTS_AUDIT}" -v destdir="${DESTDIR}" -f ${PORTSDIR}/Tools/scripts/security-check.awk \ ${WRKDIR}/.PLIST.flattened ${WRKDIR}/.PLIST.objdump ${WRKDIR}/.PLIST.setuid ${WRKDIR}/.PLIST.writable; \ then \ www_site=$$(cd ${.CURDIR} && ${MAKE} ${__softMAKEFLAGS} www-site); \ ==== //depot/projects/soc2006/gabor_ports/Tools/scripts/security-check.awk#2 (text+ko) ==== 
@@ -34,10 +34,18 @@ function print_header() { if (header_printed) return; - if (audit != "") - print "===> SECURITY REPORT (PARANOID MODE): "; - else - print "===> SECURITY REPORT: "; + if (audit != "") { + if (destdir == "") + print "===> SECURITY REPORT (PARANOID MODE): "; + else + print "===> SECURITY REPORT FOR", destdir, "(PARANOID MODE): "; + } + else { + if (destdir == "") + print "===> SECURITY REPORT: "; + else + print "===> SECURITY REPORT FOR", destdir, ": "; + } header_printed = 1; } function note_for_the_stupid(file) { return (file in stupid_binaries) ? (" (USES POSSIBLY INSECURE FUNCTIONS:" stupid_binaries[file] ")") : ""; } @@ -46,8 +54,14 @@ for (file in setuid_binaries) { if (!note_printed) { print_header(); - print " This port has installed the following binaries which execute with"; - print " increased privileges."; + if (destdir == "") { + print " This port has installed the following binaries, which execute with"; + print " increased privileges."; + } + else { + print " This port has installed the following binaries into", destdir, ", which"; + print " execute with increased privileges."; + } note_printed = 1; } print file note_for_the_stupid(file); @@ -58,8 +72,15 @@ for (file in network_binaries) { if (!note_printed) { print_header(); - print " This port has installed the following files which may act as network"; - print " servers and may therefore pose a remote security risk to the system."; + if (destdir == "") { + print " This port has installed the following files, which may act as network"; + print " servers and may therefore pose a remote security risk to the system."; + } + else { + print " This port has installed the following files into", destdir, ", which may"; + print " act as network servers and may therefore pose a remote security risk to"; + print " the system."; + } note_printed = 1; } print file note_for_the_stupid(file); 
@@ -70,8 +91,14 @@ for (file in startup_scripts) { if (!note_printed) { print_header(); - print " This port has installed the following startup scripts which may cause"; + if (destdir == "") { + print " This port has installed the following startup scripts, which may cause"; print " these network services to be started at boot time."; + } + else { + print " This port has installed the following startup scripts into", destdir, ", which"; + print " may cause these network services to be started at boot time."; + } note_printed = 1; } print file; @@ -83,7 +110,10 @@ for (file in writable_files) { if (!note_printed) { print_header(); - print " This port has installed the following world-writable files/directories."; + if (destdir == "") + print " This port has installed the following world-writable files/directories."; + else + print " This port has installed the following world-writable files/directories into", destdir, "."; note_printed = 1; } print file;
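
Review bot: in the bsd.port.mk hunk, the new -v destdir="${DESTDIR}" is expanded by make and pasted into the shell command, while the neighbouring audit="$${PORTS_AUDIT}" is expanded by the shell at run time. A DESTDIR value containing a double quote, a dollar sign or a backquote would therefore be interpreted by the shell, and awk additionally processes backslash escapes in -v assignments, so a path with a backslash reaches the script altered. Passing the value through the environment, or quoting it for the shell before it is embedded, avoids both and keeps the two -v arguments consistent.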
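
Review bot: in print_header(), the comma-separated print puts OFS on both sides of destdir, so the new header comes out as "===> SECURITY REPORT FOR /some/dir : " with a stray space before the colon, unlike the existing "===> SECURITY REPORT: ". String concatenation fixes that: print "===> SECURITY REPORT FOR " destdir ": ". The four near-identical branches could also collapse into one print by building the optional " FOR <destdir>" and " (PARANOID MODE)" pieces first.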
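
Review bot: in the setuid_binaries hunk, the message now names destdir, but the list below it is still emitted by the unchanged print file note_for_the_stupid(file), and nothing in the hunk says whether those paths already include the destdir prefix or are relative to it. A short comment, or a consistent choice in the output, would keep the report unambiguous. The comma form here also prints "into /some/dir , which" with a space before the comma.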
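
Review bot: the network_binaries hunk repeats the same if (destdir == "") { ... } else { ... } pattern that the setuid, startup-script and world-writable blocks also gain, each with its own copy of the wording. Computing the optional suffix once, for example where = (destdir == "") ? "" : " into " destdir, and concatenating it into a single message per block would remove the duplicated text and the risk of the two variants drifting apart.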
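
Review bot: in the startup_scripts hunk, the destdir branch keeps the statement that the scripts "may cause these network services to be started at boot time", which is only true if the tree under destdir is what actually boots. The wording for that branch should say so, or refer to the system installed in destdir rather than implying the running one. The same applies to "pose a remote security risk to the system" in the network_binaries message.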
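
Review bot: in the writable_files hunk, the else branch prints "into", destdir, "." with commas, so the sentence ends in "/some/dir ." with a space before the full stop. Concatenate instead: " ... files/directories into " destdir ".". That line is also far longer than the other messages, which are wrapped by hand to fit a terminal, so it is worth splitting into two print statements as the other blocks do.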