author Will Andrews <will@FreeBSD.org> 2001-09-03 17:48:23 +0000
committer Will Andrews <will@FreeBSD.org> 2001-09-03 17:48:23 +0000
commit 369fcbb329b57482e2de439fdd52cd9c22d4a3a8 (patch)
tree 00371bcd8fe8ad9bf7451b9fac0056ea99235e35 /x11/kdebase3
parent Add a WWW. (diff)

Add a message to the port/package warning users about kcheckpass's setuid root bit, which is off by default. The purpose is to avoid having users who don't use kcheckpass become vulnerable to a root exploit. For more details see the actual pkg-message.

Bump PORTREVISION to reflect this change in the package.

As a side note, I'm a little wary about adding something like this so close to the ports freeze for 4.4-RELEASE. However, I decided that it was a minimal risk and went ahead with it in the hopes of avoiding the need for users to run into this "problem" themselves...

Diffstat (limited to 'x11/kdebase3')
-rw-r--r-- x11/kdebase3/Makefile 5
-rw-r--r-- x11/kdebase3/pkg-message 21
2 files changed, 25 insertions, 1 deletions
diff --git a/x11/kdebase3/Makefile b/x11/kdebase3/Makefile
index 2a4dfc2629ef..67c9baf2bc10 100644
--- a/x11/kdebase3/Makefile
+++ b/x11/kdebase3/Makefile
@@ -7,7 +7,7 @@
PORTNAME= kdebase
PORTVERSION= 2.2
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES?= x11 kde
MASTER_SITES= ${MASTER_SITE_KDE}
MASTER_SITE_SUBDIR= stable/${PORTVERSION}/src
@@ -63,4 +63,7 @@ pre-configure:
post-configure:
${PERL} -pi -e "s@444@644@g" ${WRKSRC}/kdesktop/init/Templates/Makefile
+post-install:
+ @${CAT} ${PKGMESSAGE}
+
.include <bsd.port.post.mk>
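Review bot: in the new post-install target, "@${CAT} ${PKGMESSAGE}" prints the file verbatim, so the user sees the literal string ${PREFIX} in the chmod line and has to work out the real path from the closing paragraph of the message. The prefix is known when this target runs, so consider passing the message through a substitution step so that the command shown can be copied as is. A one-line comment above the target saying why the message is printed at install time would also help the next maintainer.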
diff --git a/x11/kdebase3/pkg-message b/x11/kdebase3/pkg-message
new file mode 100644
index 000000000000..1869be60abfa
--- /dev/null
+++ b/x11/kdebase3/pkg-message
@@ -0,0 +1,21 @@
+
+************************** I M P O R T A N T ****************************
+
+This package (kdebase2) installs a program called kcheckpass which is
+used by kdm or screensavers to check the user's password. This activity
+requires it to be setuid root. However, for security reasons, FreeBSD
+leaves the setuid bit on this binary off by default, for several reasons.
+First, some people may not use screensavers or kdm at all. Second,
+others may choose to use a different screensaver or display manager
+utility. And finally, there may be holes in kcheckpass which can be
+exploited to gain root privileges. FreeBSD chooses not to take that risk
+with the default package. If you decide that you need it setuid root,
+you can make it so:
+
+ chmod u+s ${PREFIX}/bin/kcheckpass
+
+..where ${PREFIX} is the prefix where this package was installed. It is
+typically /usr/local but may also be /usr/X11R6 or /usr.
+
+************************** I M P O R T A N T ****************************
+
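Review bot: the sentence "for security reasons, FreeBSD leaves the setuid bit on this binary off by default, for several reasons" repeats itself, and the text calls the package kdebase2 while the Makefile in this same commit has PORTNAME= kdebase under x11/kdebase3; tighten the sentence and use a single name throughout. The message gives only the command that turns the bit on ("chmod u+s ${PREFIX}/bin/kcheckpass"). Adding the reverse command (chmod u-s) and a way to check the current mode would let a user who stops using kdm or the screensavers return the binary to the default. It would also help to say whether the bit has to be set again after the package is reinstalled or upgraded.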