Date: Wed, 29 Mar 2000 20:30:35 -0800 (PST)
From: Kris Kennaway
To: Satoshi - Ports Wraith - Asami
Cc: "David O'Brien", ports@FreeBSD.org
Subject: Re: pkg/SECURITY

On 29 Mar 2000, Satoshi - Ports Wraith - Asami wrote:

>  * Because pkg/MESSAGE might already exist, and it's for a separate
>  * purpose. MESSAGE is often used for things like post-install configuration
>  * options that must be done before the port can be used, which isn't
>  * appropriate to display before compilation.
>
> Well, you can use pkg/MESSAGE for anything you want....

Yes, but if it's already in use by a port for displaying
post-installation configuration instructions, and we add a security note
which is displayed PRIOR to build, it would be quite confusing, IMO.

>  * My pkg/SECURITY change also prints it bracketed by a
>  *
>  * ****** SECURITY WARNING ******
>  *
>  * line and adds a "Press ^C if this is not acceptable" when displaying in
>  * pre-fetch.
>
> You can put those inside the message files too. :)

Perhaps I wasn't clear..the first time it displays it (in pre-fetch) it
gives the extra ^C line, the second time (in post-install) it doesn't.
That's not possible to do from MESSAGES.

>  * I think it's cleaner to have it separate to MESSAGES.
>
> Actually I think it's better to use a REQ file so you can make sure
> the user actually reads those stuff....

A lot of the security warnings are probably going to be along the lines
of "this port installs a setuid root binary which has not been audited"
or "this port does dangerous-looking things with strcpy() which we
haven't been able to prove are exploitable" - I figured it would be too
annoying to most people to have each and every port which displays
something prompt for approval, but if people are willing to do that I'll
certainly agree :)

If not, I was planning to add a SECURITY_SERIOUS variable which _would_
stop and prompt for confirmation, e.g. like the delegate port does now.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe
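
The display behaviour described in the message above, sketched as an added example; it is not Kris Kennaway's change or any code from the ports tree. The function name, the phase strings, reading SECURITY_SERIOUS from the environment, the y/N prompt and treating end-of-input as a refusal are all assumptions.

```shell
#!/bin/sh
# show_security_notice PHASE PKGDIR  (hypothetical helper, not ports code)
#   PHASE: "pre-fetch" or "post-install" (assumed phase names)
#   Returns 0 to continue, 1 if a serious warning was not confirmed.
show_security_notice() {
    phase=$1
    notice=$2/SECURITY

    # Ports without a pkg/SECURITY file print nothing.
    [ -f "$notice" ] || return 0

    echo '****** SECURITY WARNING ******'
    cat "$notice"
    echo '****** SECURITY WARNING ******'

    # After installation there is nothing left to abort, so the ^C hint
    # and the confirmation prompt apply to pre-fetch only (assumption).
    [ "$phase" = pre-fetch ] || return 0

    if [ -n "${SECURITY_SERIOUS:-}" ]; then
        # Assumption: SECURITY_SERIOUS arrives as an environment variable.
        printf 'Continue with this port? [y/N] '
        # EOF (unattended build, stdin closed) counts as "no": fail closed.
        read -r answer || answer=
        case $answer in
            [Yy]*) return 0 ;;
            *)     return 1 ;;
        esac
    fi
    echo 'Press ^C if this is not acceptable'
}

# Constructed demo: a pkg directory whose SECURITY file holds one warning.
demo=$(mktemp -d)
echo 'This port installs a setuid root binary which has not been audited.' \
    > "$demo/SECURITY"
show_security_notice pre-fetch "$demo"      # banner, text, ^C hint
show_security_notice post-install "$demo"   # banner and text only
rm -rf "$demo"
```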