Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 17 Apr 1998 16:44:29 -0400 (EDT)
From:      Robert Watson <robert@cyrus.watson.org>
To:        freebsd-security@FreeBSD.ORG
Subject:   Proposal: remove existing schg flags from make buildworld
Message-ID:  <Pine.BSF.3.96.980417163946.11132C-100000@trojanhorse.pr.watson.org>
next in thread | raw e-mail | index | archive | help 

Currently, the use of schg flags can be a major hassle for those trying to
build secure systems.  Performing a build world generates a set of schg
files that are hard to deal with in a secure environment (after all, they
are schg :).  Rather than imposing the schg flags during the build, it
might be more appropriate to apply them only during the install.  Even
blowing away my object tree is made difficult:

fledge:/home/fbsd-stable/src# rm -Rf ../obj/*
rm: ../obj/home/fbsd-stable/src/tmp/usr/lib/libcipher.so.2.0: Operation
not permitted
rm: ../obj/home/fbsd-stable/src/tmp/usr/lib/libc.so.3.1: Operation not
permitted
rm: ../obj/home/fbsd-stable/src/tmp/usr/lib/libdescrypt.so.2.0: Operation
not permitted
rm: ../obj/home/fbsd-stable/src/tmp/usr/lib: Directory not empty
rm: ../obj/home/fbsd-stable/src/tmp/usr/libexec/ld.so: Operation not
permitted
rm: ../obj/home/fbsd-stable/src/tmp/usr/libexec: Directory not empty
rm: ../obj/home/fbsd-stable/src/tmp/usr: Directory not empty
rm: ../obj/home/fbsd-stable/src/tmp: Directory not empty

(up-to-date version of -stable -- I assume this also happens in -current?)

There is nothing gained by doing this -- the source is not protected, and
neither is the compiler :).  Clearly on an install, it is useful to apply
schg (although previous discussion suggests that this is not the case with
the current arrangement :), but not during the build process.

  Robert N Watson 


----
Carnegie Mellon University  http://www.cmu.edu/
Trusted Information Systems http://www.tis.com/
SafePort Network Services   http://www.safeport.com/
robert@fledge.watson.org    http://www.watson.org/~robert/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980417163946.11132C-100000>