From owner-freebsd-security Sat Oct 7 2:32: 6 2000
Delivered-To: freebsd-security@freebsd.org
Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177])
        by hub.freebsd.org (Postfix) with ESMTP id 0B4F337B502
        for ; Sat, 7 Oct 2000 02:32:04 -0700 (PDT)
Received: (from kris@localhost)
        by citusc17.usc.edu (8.9.3/8.9.3) id CAA12083;
        Sat, 7 Oct 2000 02:32:44 -0700 (PDT)
Date: Sat, 7 Oct 2000 02:32:44 -0700
From: Kris Kennaway
To: Michael Bryan
Cc: freebsd-security@freebsd.org
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
Message-ID: <20001007023244.A11196@citusc17.usc.edu>
References: <008b01c02a71$6b8938c0$d04379a5@p4f0i0> <200009292349.TAA07263@giganda.komkon.org> <200009302123.PAA13609@harmony.village.org> <39D671D9.62E7148B@ursine.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <39D671D9.62E7148B@ursine.com>; from fbsd-security@ursine.com on Sat, Sep 30, 2000 at 04:06:01PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, Sep 30, 2000 at 04:06:01PM -0700, Michael Bryan wrote:
> Warner Losh wrote:
> >
> > Maybe we need a category that is "This program may be insecure, set
> > INSECURE_OK in your /etc/make.conf if you don't have a problem with
> > that" for ports.
>
> I don't like the idea of a setting that gets set once, then allows all
> insecure ports to get installed without additional user confirmation.

Me either..each port is insecure in a different way.

> I'd much prefer an implementation that provided the following functionality:
>
> 1) By default, will not install a particular port if it is
>    marked as potentially dangerous, but will instead provide
>    a warning to the user/installer.
>
> 2) The user can do an override for that particular port to go
>    ahead and install it anyway. That override must not carry
>    over to other insecure ports, and it probably should not
>    carry over to future re-installs of the same port. (In other
>    words, each and every time you go to build/install an insecure
>    port, you have to do something to override the default lockout.)
>    That way, the admin/user gets reminded of the potential danger
>    at every reasonable point.

This is actually pretty similar to what I've been doing for insecure
ports which people may still want to install - the port pops up a
dialog box at port/package install-time explaining the issue and
asking for confirmation before proceeding. I think this strikes a good
balance between security and ease of use - although a notable downside
is that the current incarnation of sysinstall is not capable of
playing well with packages which do this (the dialog box is displayed
over on vty2, but the actual screen display on vty1 doesn't indicate
the port is interactive and awaiting a keypress).

Kris

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
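
The per-port, per-install confirmation discussed in this message, sketched in POSIX sh as an added example; it is not code from the FreeBSD ports tree or from anyone in the thread. The function names, the second port name and the reason strings are constructed, and refusing when no answer can be read is this example's own choice for the non-interactive case.

```shell
#!/bin/sh
# Added example: per-port, per-install confirmation that fails closed.
# Function names, "example-port" and the reason strings are constructed.

# confirm_insecure_port PORT REASON
# Reads one answer line from stdin; returns 0 only if it equals PORT.
confirm_insecure_port() {
    cip_port=$1
    cip_reason=$2
    printf 'WARNING: %s is marked as potentially dangerous:\n  %s\n' \
        "$cip_port" "$cip_reason" >&2
    printf 'Type "%s" to install it anyway: ' "$cip_port" >&2
    # EOF means nobody is there to answer (for example a non-interactive
    # installer): refuse instead of waiting for a keypress.
    if ! IFS= read -r cip_answer; then
        printf '\nno answer, skipping %s\n' "$cip_port" >&2
        return 1
    fi
    if [ "$cip_answer" = "$cip_port" ]; then
        return 0
    fi
    printf 'not confirmed, skipping %s\n' "$cip_port" >&2
    return 1
}

# approve_ports NAME=REASON...
# Asks once per port and prints the names that were confirmed. Nothing is
# stored, so a confirmation covers neither another port nor a later run.
approve_ports() {
    ap_ok=""
    for ap_pair in "$@"; do
        ap_name=${ap_pair%%=*}
        ap_reason=${ap_pair#*=}
        if confirm_insecure_port "$ap_name" "$ap_reason"; then
            ap_ok="${ap_ok:+$ap_ok }$ap_name"
        fi
    done
    printf '%s\n' "$ap_ok"
}

# Constructed run: the operator answers for pine4 only.
approve_ports "pine4=constructed reason text" \
              "example-port=another constructed reason" <<EOF
pine4
EOF
```

Requiring the port name as the answer means a reflexive "y", or an answer given for a different port, does not confirm anything.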