From owner-freebsd-security  Mon Oct  2 11:10:11 2000
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
	by hub.freebsd.org (Postfix) with ESMTP id AEAD537B66C
	for <security@FreeBSD.ORG>; Mon,  2 Oct 2000 11:10:04 -0700 (PDT)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.11.0/8.11.0) with ESMTP id e92IA2I03473;
	Mon, 2 Oct 2000 12:10:03 -0600 (MDT)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id MAA13194; Mon, 2 Oct 2000 12:10:02 -0600 (MDT)
Message-Id: <200010021810.MAA13194@harmony.village.org>
To: Garance A Drosihn <drosih@rpi.edu>
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) 
Cc: security@FreeBSD.ORG
In-reply-to: Your message of "Mon, 02 Oct 2000 13:45:46 EDT."
		<v04210100b5fe79180dff@[128.113.24.47]> 
References: <v04210100b5fe79180dff@[128.113.24.47]>  <008b01c02a71$6b8938c0$d04379a5@p4f0i0> <200009292349.TAA07263@giganda.komkon.org> <200009302123.PAA13609@harmony.village.org> 
Date: Mon, 02 Oct 2000 12:10:02 -0600
From: Warner Losh <imp@village.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <v04210100b5fe79180dff@[128.113.24.47]> Garance A Drosihn writes:
: disclaimer: I'm not offering to do any work, of course, I'm just
: suggesting things for whoever IS willing to do the work...   :-)

OK.  I think that this is 20 lines of code in bsd.port.mk, the
question is which 20 lines[*].

No matter what I'd do, you could override it on a per port basis (eg,
I don't want any ports that are more dangerous than X, but please let
me install pine or sendmail or netcat or xlock or zip anyway).  The
question is how to do this.  Do we want to have this enshrined in
/etc/make.conf (or more generally the global build environment)?  Or
do we want this handled like things are now in the local build
environment to the individual port.  A global solution would look
like:
	OVERRIDE_SECURITY_CHECKS="mail/pine archivers/zip astro/xearth"
and that way you don't have to remember each time you build the port.
A local solution would look like:
	cd /usr/ports/cad/felt
	make OVERRIDE_SECURITY_CHECKS=yes install clean
Note, OVERRIDE_SECURITY_CHECKS is likely a bad name, but it
illistrates the question I'm trying to get answered.

Warner

[*] "The trouble so of two people didn't amount to a hill of beans in
    this world.  But it was our hill and they were our beans."


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message