Date: Fri, 15 Feb 2002 11:09:11 -0500 From: Ken Stailey <kstailey@surfbest.net> To: Alan Eldridge <alane@geeksrus.net> Cc: klh@panix.com, petef@freebsd.org, portmgr@freebsd.org, FreeBSD Ports List <ports@freebsd.org> Subject: Re: complete pkg-descr files for klh-10 and its Message-ID: <3C6D32A7.50003@surfbest.net> References: <3C6D2443.2070201@surfbest.net> <20020215152218.GA53862@wwweasel.geeksrus.net> <3C6D2E51.8090403@surfbest.net> <20020215155946.GA54173@wwweasel.geeksrus.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Alan Eldridge wrote: >On Fri, Feb 15, 2002 at 10:50:41AM -0500, Ken Stailey wrote: > >>Alan Eldridge wrote: >> >>>In my mind, anything under /usr is out. Could be read only, could be NFS >>>mounted. >>> >>Could the $KLH_HOME be made a configurable option? It could default to >>/usr/local/games/klh-kn-its. >> > >I recommend against a default under /usr in general, but, if pressed, it >could go under /usr/local/share/its. I copied portmgr@ in order to get >suggestions for this. > Doesn't share imply architecture-independant? Why would an i386 binary go under share? games sounds like a better place to put it: kstailey@hermes$ man hier | grep friv games/ useful and semi-frivolous programs > >>>If it isn't a per user install, then locking needs to be in place to make >>>sure no more than one copy of klh10 is running. >>> > >I don't think there's a way around this. It can be invoked with the lockf(1) >command to make this easy. A wrapper script would be needed to do this. > Your thinking goes against the grain of this port. The emulator is a timesharing system. Please read Steve Levy's Hackers book. Why on earth would you run multple separate copies of a timesharing system? There should be one shared instance of klh-10 on one node to preserve historical approach to timesharing and prevent squandering host CPU and disk resources. > >>Note !!! warnings at klh-10 install time. >> >>hermes# make install >>===> Installing for klh10-2.0a >>Copying binaries into /usr/local/libexec/klh10-ks-its >>Done! >>===> Generating temporary packing list >>!!! klh-10 accepts network connections. >>!!! Consider using a firewall to limit access to klh-10. >>!!! See the /usr/local/share/doc/klh10-ks-its/pubits/adm for firewall >>documentation. >>===> Registering installation for klh10-2.0a >>===> SECURITY NOTE: >> This port has installed the following binaries which execute with >> increased privileges. >>722568 44 -rwsr-xr-x 1 root wheel 22428 >>Feb 15 08:17 /usr/local/libexec/klh10-ks-its/dpimp >> >> If there are vulnerabilities in these programs there may be a security >> risk to the system. FreeBSD makes no guarantee about the security of >> ports included in the Ports Collection. Please type 'make deinstall' >> to deinstall the port if this is a concern. >>hermes# >> > >Good. Do these messages happen if installed from a package? > >And speaking of packages, its needs to be marked NO_CDROM. It's just too big. > NO_WRKSUBDIR= NO_BUILD= NO_PACKAGE= NO_CDROM= are set in the its port Makefile now. I shrank the klh-10 pkg-descr to make portlint happy: This is a port of klh10, an emulator for DEC PDP-10 minicomputers, by Kenneth L. Harrenstien. For information about PDP-10 see http://www.inwap.com/pdp10/ This port currently only builds klh10 in the ksits configuration. Warning: to make use of klh-10 over a LAN you must insert proxy ARP table entries. This requires root privileges. You can either run the klh-10 subprocess dpimp as root or insert the ARP table entries manually. Running the emulator as root compromises FreeBSD system security severely since the emulator is network accessible and has not been audited for security flaws. Running the emulator as a regular user still compromises FreeBSD security. Consider using a firewall to limit access to klh-10. See the pub-its/adm directory for firewall documentation. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3C6D32A7.50003>