From owner-freebsd-ports Thu Aug 17 9: 1:48 2000
Delivered-To: freebsd-ports@freebsd.org
Received: from earth.wnm.net (earth.wnm.net [208.246.240.243])
	by hub.freebsd.org (Postfix) with ESMTP
	id EDE2B37B66F; Thu, 17 Aug 2000 09:01:43 -0700 (PDT)
Received: from localhost (alex@localhost)
	by earth.wnm.net (8.11.0/8.11.0) with ESMTP id e7HG3Dk51483;
	Thu, 17 Aug 2000 11:03:13 -0500 (CDT)
Date: Thu, 17 Aug 2000 11:03:13 -0500 (CDT)
From: Alex Charalabidis
To: Kris Kennaway
Cc: security@FreeBSD.ORG, ports@FreeBSD.ORG
Subject: Re: Hilighting dangerous ports
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 16 Aug 2000, Mike Silbersack wrote:

>
> On Wed, 16 Aug 2000, Kris Kennaway wrote:
>
> > What does everyone think of the attached patch to bsd.port.mk, which
> > hilights potentially insecure files installed by a port at install-time?
> >
> > It does a find(1) over the packing list of the port looking for
> > setuid/setgid files, as well as checking for startup scripts installed in
> > ${PREFIX}/etc/rc.d which usually indicates a network daemon (Thanks to
> > Brian Feldman for the latter idea).
> >
> > If the port includes a WWW site, the user is directed there for contact
> > information so they can talk to the software developers about the security
> > of the port, if they have doubts (i.e. so they don't bother us) (Thanks to
> > Peter Wemm for this idea)
>

I like the idea. Something similar to indicate which ports have been
audited would also be useful.
-ac

--
==============================================================
Alex Charalabidis (AC8139)            5050 Poplar Ave, Ste 170
Systems Administrator                 Memphis, TN 38157
WebNet Memphis                        (901) 432 6000
Author, The Book of IRC               http://www.bookofirc.com/
==============================================================

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
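
The install-time check described in the quoted message, sketched as an added example; it is not the patch to bsd.port.mk discussed in this thread and not code from any of the posters. It walks a packing list, uses find(1) to flag setuid/setgid files, and flags scripts placed under etc/rc.d. The names audit_plist and make_sample, the sample file names, and the assumption that every entry is relative to PREFIX (no @cwd handling) are choices made for this example.

```shell
#!/bin/sh
# audit_plist PREFIX PLIST
#   PLIST has one path per line, relative to PREFIX. Lines starting with "@"
#   are packing-list directives and are skipped (assumption: no @cwd).
# Prints one finding per line: "setuid|setgid|startup <path>".
audit_plist() {
    prefix=$1 plist=$2
    while IFS= read -r entry; do
        case $entry in ''|@*) continue ;; esac
        path=$prefix/$entry
        # Only regular files that exist are checked; -h rejects symlinks so
        # a link in the list is not reported with its target's mode.
        [ -f "$path" ] && [ ! -h "$path" ] || continue
        # find(1) does the mode test: -perm -4000 is setuid, -2000 is setgid.
        [ -n "$(find "$path" -perm -4000 -print)" ] && echo "setuid $path"
        [ -n "$(find "$path" -perm -2000 -print)" ] && echo "setgid $path"
        # A script under etc/rc.d runs at boot and usually starts a daemon.
        case $entry in etc/rc.d/*) echo "startup $path" ;; esac
    done < "$plist"
    return 0
}

# Constructed sample: a throwaway PREFIX holding one setuid file, one rc.d
# script and one ordinary file, plus a packing list naming them.
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/bin" "$root/etc/rc.d" "$root/share/doc"
    : > "$root/bin/example-suid"
    chmod 4555 "$root/bin/example-suid"
    : > "$root/etc/rc.d/exampled.sh"
    chmod 555 "$root/etc/rc.d/exampled.sh"
    : > "$root/share/doc/README"
    printf '%s\n' '@comment constructed packing list' bin/example-suid \
        etc/rc.d/exampled.sh share/doc/README '@dirrm share/doc' \
        > "$root/plist"
    echo "$root"
}

# Demo run on the constructed tree, then clean up.
sample=$(make_sample) && audit_plist "$sample" "$sample/plist"
[ -n "$sample" ] && rm -rf "$sample"
```

Because the check reads modes from the installed files rather than from the port's Makefile, it also catches bits set by the upstream install target.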