Date: Thu, 12 Jan 2017 17:47:08 +0100 From: Roland Smith <rsmith@xs4all.nl> To: Damien Fleuriot <ml@my.gd> Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: [ports] finding an orphan to maintain Message-ID: <20170112164708.GA73939@slackbox.erewhon.home> In-Reply-To: <CAE63ME63yh_PBQH9SaivM3C%2B-XKG0XE=XYFBNUFAafMc-3s6uw@mail.gmail.com> References: <CAE63ME592BgZdTdOHr3eM-=3Vf5WZfOQ1gp4Vuqm9uM5Gbg9HQ@mail.gmail.com> <20170111110634.GB53285@slackbox.erewhon.home> <CAE63ME63yh_PBQH9SaivM3C%2B-XKG0XE=XYFBNUFAafMc-3s6uw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--G4iJoqBmSsgzjUCe Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jan 11, 2017 at 12:53:02PM +0100, Damien Fleuriot wrote: > Thanks for the additional input Roland. >=20 > I currently have my eye on shells/lshell, which we use here on > 10-STABLE for PCI-DSS compliance (restricting and logging commands). In this case you might want to look at auditing; https://www.freebsd.org/doc/handbook/audit.html While the handbook explains how it works, I haven't really found good examp= les of its use. > It so happens the current (0.9.16_2) version on FreeBSD suffers from a > nasty case of shell escape : > https://github.com/ghantoos/lshell/issues/151 > root:~$ echo () sh && echo > # > ^-- uh oh... Oops. Looking at the discussion of the issue, I get the impression that there are some fundamental problems with the way lshell parses and executes commands. > I cannot seem to reproduce when using the latest master branch, and am > seeking confirmation in the bug thread that I'm actually trying to > reproduce correctly. > > If it should transpire that the problem is indeed fixed in the master, > I shall try and update the port to the latest version. The port now uses SourceForge, which is getting a bad reputation these days for adding crap to binary installers. This is probably not an issue with tarballs, but it makes me wonder if they are still trustworthy. You might want to consider switching to github. If you do, read /usr/ports/Mk/bsd.sites.mk on how to properly do that in the port Makefile. Roland --=20 R.F.Smith http://rsmith.home.xs4all.nl/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 5753 3324 1661 B0FE 8D93 FCED 40F6 D5DC A38A 33E0 (keyID: A38A33E0) --G4iJoqBmSsgzjUCe Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEV1MzJBZhsP6Nk/ztQPbV3KOKM+AFAlh3swMACgkQQPbV3KOK M+AmSg//eg52R98/VoUxuBDd0t926FEOMlanydRcqdi1MTIsAvN2UZwk7Bn3F1nV 9e7BvdX5H6xGhTmShMzLQDYQpT/mWGd9lFJjKhq/SX0IxCSQDo1e56OhP86PCn/4 9nxt6K1/wrgyuwWt7AEOdfcVedS0NaOSi2SW6tc3tBUVzJcaRZSzQaWm0Sndaswx Wsf0gLkPaCtO+KljTUbOGmyUlnzBLvPIrGyTJRem+RwZHT6zTMMZ5CLPwDlcYiuY MM1T1vPZTVNH2xxWbu8pCf6L7m/2b2x6d5QR0AxUuurUzYctc7WHaBUJdEk6Gr4d 9d3plqMvl2E7su8SWluFLTsjpdqOsYy3aaZuVfZArZz4CXD1LOemo1z3gtnYVaXL QSHVLvAAixkerRFnYN92ZAW7Csg8W5kFF5dRLB9f+1X85E1UGzBBys+8ZKWYXvj4 g8lqxpio94y/H0L21jS9EakmXtfT3G2HvXam3Xm8CBzA4qPzmstnLBpwD5DwZISd 722+clwoSlgXBnno3NW8zPay37RJUdDXGPPbA8de1yAA9UsFgJ/CBQWV1oHTKOmp OHuV5wz/A6QcmNZl2kX6uJMVwEveGWQS/8Oh7bbGGHlFg+qDVJsZhlAmY0aoBzqJ ju2qL6FpFOUjJoYLl57/Zr8WaIr8zISkdUBustYnKsm4N1skZiw= =vQ/+ -----END PGP SIGNATURE----- --G4iJoqBmSsgzjUCe--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170112164708.GA73939>