Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 12 Jun 2001 12:07:40 +0300
From:      Peter Pentchev <roam@orbitel.bg>
To:        Cyrille Lefevre <clefevre@redirect.to>
Cc:        jseger@FreeBSD.org, security@FreeBSD.org
Subject:   Re: SGID make
Message-ID:  <20010612120740.A819@ringworld.oblivion.bg>
In-Reply-To: <ofruphxz.fsf@gits.dyndns.org>; from clefevre-lists@noos.fr on Tue, Jun 12, 2001 at 04:09:44AM %2B0200
References:  <009501c0ef65$23482580$0600a8c0@ibmka.internethelp.ru> <20010607114714.R1832@superconductor.rush.net> <ofruphxz.fsf@gits.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, Jun 12, 2001 at 04:09:44AM +0200, Cyrille Lefevre wrote:
> Alfred Perlstein <bright@rush.net> writes:
> 
> > * Nickolay A. Kritsky <nkritsky@internethelp.ru> [010607 11:19] wrote:
> > > Can anybody tell me why /usr/local/bin/make in FreeBSD 4.2 is SGID
> > > kmem? I thought that make is intended only for compiling huge C
> > > programs, isnt it?
> > > 
> > > #ls -l /usr/local/bin/make
> > > -rwxr-sr-x  1 root  kmem  445486 May 14 15:58 /usr/local/bin/make
> > 
> > As people have stated this isn't our make, it's most likely GNU make
> > installed without using the port.
> > 
> > The reason for the sgid'ness is most likely so that the binary can
> > query the system load average to optimize parrallel compliation
> > without overwhelming the system.
> > 
> > Although, this is sort of silly as the info should be available via
> > sysctl in FreeBSD.
> 
> Justin, are you willing to update gmake for using sysctl instead of
> reading kmem ? if no, I'll do it when I'll have some time.

The devel/gmake port already clears the setgid bit of the gmake
executable in its post-install target - gmake uses the getloadavg(3)
function, which does not require any privileges, but the autoconf
getloadavg-setgid'ness detection logic is not quite up-to-date.

G'luck,
Peter

-- 
I am not the subject of this sentence.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010612120740.A819>