author | Will Andrews <will@FreeBSD.org> | 2001-09-03 17:48:23 +0000 |
---|---|---|
committer | Will Andrews <will@FreeBSD.org> | 2001-09-03 17:48:23 +0000 |
commit | 369fcbb329b57482e2de439fdd52cd9c22d4a3a8 (patch) | |
tree | 00371bcd8fe8ad9bf7451b9fac0056ea99235e35 /x11/kdebase3 | |
parent | Add a WWW. |

Add a message to the port/package warning users about kcheckpass's
setuid root bit, which is off by default. The purpose is to avoid
having users who don't use kcheckpass become vulnerable to a root
exploit. For more details see the actual pkg-message. Bump PORTREVISION
to reflect this change in the package.

As a side note, I'm a little wary about adding something like this so
close to the ports freeze for 4.4-RELEASE. However, I decided that it
was a minimal risk and went ahead with it in the hopes of avoiding the
need for users to run into this "problem" themselves...

Diffstat (limited to 'x11/kdebase3')
-rw-r--r-- | x11/kdebase3/Makefile | 5 | ||||
-rw-r--r-- | x11/kdebase3/pkg-message | 21 |
2 files changed, 25 insertions, 1 deletions
diff --git a/x11/kdebase3/Makefile b/x11/kdebase3/Makefile index 2a4dfc2629ef..67c9baf2bc10 100644 --- a/x11/kdebase3/Makefile +++ b/x11/kdebase3/Makefile @@ -7,7 +7,7 @@ PORTNAME= kdebase PORTVERSION= 2.2 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES?= x11 kde MASTER_SITES= ${MASTER_SITE_KDE} MASTER_SITE_SUBDIR= stable/${PORTVERSION}/src @@ -63,4 +63,7 @@ pre-configure: post-configure: ${PERL} -pi -e "s@444@644@g" ${WRKSRC}/kdesktop/init/Templates/Makefile +post-install: + @${CAT} ${PKGMESSAGE} + .include <bsd.port.post.mk> diff --git a/x11/kdebase3/pkg-message b/x11/kdebase3/pkg-message new file mode 100644 index 000000000000..1869be60abfa --- /dev/null +++ b/x11/kdebase3/pkg-message @@ -0,0 +1,21 @@ + +************************** I M P O R T A N T **************************** + +This package (kdebase2) installs a program called kcheckpass which is +used by kdm or screensavers to check the user's password. This activity +requires it to be setuid root. However, for security reasons, FreeBSD +leaves the setuid bit on this binary off by default, for several reasons. +First, some people may not use screensavers or kdm at all. Second, +others may choose to use a different screensaver or display manager +utility. And finally, there may be holes in kcheckpass which can be +exploited to gain root privileges. FreeBSD chooses not to take that risk +with the default package. If you decide that you need it setuid root, +you can make it so: + + chmod u+s ${PREFIX}/bin/kcheckpass + +..where ${PREFIX} is the prefix where this package was installed. It is +typically /usr/local but may also be /usr/X11R6 or /usr. + +************************** I M P O R T A N T **************************** + |
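
Review bot: In the new post-install target of x11/kdebase3/Makefile, `@${CAT} ${PKGMESSAGE}` prints the file verbatim, so the chmod line reaches the user with a literal ${PREFIX} and the real path has to be worked out from the closing sentence of the message. Consider substituting the configured PREFIX into the text before printing it, so the command shown is the exact path of the kcheckpass that was just installed and can be run as written.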
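
Review bot: The instruction `chmod u+s ${PREFIX}/bin/kcheckpass` in the new pkg-message does not mention file ownership; u+s makes the binary setuid to whoever owns it, so the message should tell the user to confirm the file is owned by root before setting the bit. The text also says kdm and screensavers need kcheckpass setuid root but not what a user of either will observe while the bit is off, which is the information needed to decide whether to run the chmod. Two wording points in the same file: "for security reasons ... for several reasons" repeats itself, and the message names the package kdebase2 while the Makefile has PORTNAME= kdebase.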