Date:      Mon, 11 Aug 2003 13:28:42 -0700
From:      Marcus Reid <marcus@blazingdot.com>
To:        Lowell Gilbert <freebsd-security-local@be-well.no-ip.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: statically compiled files left over after a 'make world'
Message-ID:  <20030811202841.GA29452@blazingdot.com>
In-Reply-To: <44llu6v432.fsf@be-well.ilk.org>
References:  <HCEOIHDIFOIIAGKAGBCHEENICMAA.freebsd@critesclan.com> <44llu6v432.fsf@be-well.ilk.org>

On Wed, Aug 06, 2003 at 06:00:49PM -0400, Lowell Gilbert wrote:
> <freebsd@critesclan.com> writes:
> 
> > I'm not sure if there is a "deal" to be made over this, but the question
> > still remains. What do you do with those programs that have not been rebuilt
> > in a buildworld? Are they security risks? Are they simply things missed in
> > the make, and someone needs to add them in?
> > 
> > The impression I have is that anything not rebuilt after the above process
> > is an error condition that should be addressed. Am I wrong?
> 
> With a couple of exceptions, you're right.  The exceptions, however,
> are important.  One is programs that weren't in the base system to
> begin with; there are again two types of these: those that have been
> mistakenly installed to base system directories (this occasionally
> happens with broken ports), and /stand, which is installed by the
> initial install but is not part of the base system (if you want an
> updated version, you have to build it separately).  The other
> exception is things that *used* to be in the base system, but have
> been removed.  These (an example is kernfs support) can be safely
> removed, but there is currently no mechanism to do so automatically.

It's a fairly time-consuming process, but on occasion I like to
do a 'make world DESTDIR=$D' where D is an optional install root,
and then compare the resulting tree with the real root and remove
any cruft that might be lying around. AFAIK this is the only way
to accomplish this.

Marcus
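
A report-only sketch of the comparison described in the message above, added here as an example and not part of the original e-mail: it lists files that exist in the live root but not in the tree produced by 'make world DESTDIR=$D'. The function name `list_cruft` and the default list of base-system directories are assumptions; nothing is deleted, so entries from ports or /stand can be reviewed by hand.

```shell
#!/bin/sh
# list_cruft REF ROOT [DIR...]
#   REF   tree populated by 'make world DESTDIR=$D' (the reference install)
#   ROOT  live root to audit (normally /)
#   DIR   directories to compare, relative to the root. The default list
#         below is an assumption; usr/local is left out on purpose because
#         ports install there and would all be reported.
# Prints, sorted, every file or symlink found under ROOT/DIR that has no
# counterpart in REF. Paths containing newlines are not handled.
list_cruft() {
    ref=$1
    root=$2
    shift 2
    [ $# -gt 0 ] || set -- bin sbin usr/bin usr/sbin usr/lib usr/libexec

    for d in "$@"; do
        # A directory missing from the live root has nothing to report.
        [ -d "$root/$d" ] || continue

        # Walk the live root with relative paths so that each path can be
        # checked against the reference tree directly.
        (cd "$root" && find "$d" \( -type f -o -type l \) -print) |
        while IFS= read -r p; do
            # -L also catches dangling symlinks present in the reference tree.
            [ -e "$ref/$p" ] || [ -L "$ref/$p" ] || printf '%s\n' "$p"
        done
    done | sort
}

# When run as a script: sh list_cruft.sh /path/to/destdir / [dir ...]
if [ $# -ge 2 ]; then
    list_cruft "$@"
fi
```

Each reported path still needs a manual decision: it may be a removed base-system component, a file a port installed into a base directory, or something local.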


