Date:      Wed, 29 Mar 2000 20:30:35 -0800 (PST)
From:      Kris Kennaway <kris@FreeBSD.org>
To:        Satoshi - Ports Wraith - Asami <asami@FreeBSD.org>
Cc:        "David O'Brien" <obrien@FreeBSD.org>, ports@FreeBSD.org
Subject:   Re: pkg/SECURITY
Message-ID:  <Pine.BSF.4.21.0003292025390.32828-100000@freefall.freebsd.org>
In-Reply-To: <vqc3dp95ceq.fsf@silvia.hip.berkeley.edu>

On 29 Mar 2000, Satoshi - Ports Wraith - Asami wrote:

>  * Because pkg/MESSAGE might already exist, and it's for a separate
>  * purpose. MESSAGE is often used for things like post-install configuration
>  * options that must be done before the port can be used, which isn't
>  * appropriate to display before compilation.
> 
> Well, you can use pkg/MESSAGE for anything you want....

Yes, but if it's already in use by a port for displaying post-installation
configuration instructions, and we add a security note which is displayed
PRIOR to build, it would be quite confusing, IMO.

>  * My pkg/SECURITY change also prints it bracketed by a
>  * 
>  * ****** SECURITY WARNING ******
>  * 
>  * line and adds a "Press ^C if this is not acceptable" when displaying in
>  * pre-fetch.
> 
> You can put those inside the message files too. :)

Perhaps I wasn't clear... the first time it displays it (in pre-fetch) it
gives the extra ^C line, the second time (in post-install) it
doesn't. That's not possible to do from MESSAGES.

>  * I think it's cleaner to have it separate to MESSAGES.
> 
> Actually I think it's better to use a REQ file so you can make sure
> the user actually reads that stuff....

A lot of the security warnings are probably going to be along the lines of
"this port installs a setuid root binary which has not been audited" or
"this port does dangerous-looking things with strcpy() which we haven't
been able to prove are exploitable" - I figured it would be too annoying
to most people to have each and every port which displays something prompt
for approval, but if people are willing to do that I'll certainly agree :)

If not, I was planning to add a SECURITY_SERIOUS variable which _would_
stop and prompt for confirmation, e.g. like the delegate port does now.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>
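
Added example, not part of the original message and not the ports framework's own code: a POSIX sh function showing the display behaviour described above, with the bracketed banner in both phases, the ^C line only in pre-fetch, and a confirmation prompt when a SECURITY_SERIOUS-style flag is set. The function name, its arguments, the y/N prompt wording and the sample notice file are assumptions made for the illustration.

```shell
#!/bin/sh
# Illustration only; names and arguments here are hypothetical.
# show_security_notice PHASE FILE [SERIOUS]
#   PHASE   - "pre-fetch" or "post-install" (the two phases named in the message)
#   FILE    - path to the port's pkg/SECURITY text
#   SERIOUS - "yes" stands in for the proposed SECURITY_SERIOUS variable
# Returns 0 to continue, 1 if the user declined, 2 on an unknown phase.
show_security_notice() {
    phase=$1 file=$2 serious=${3:-no}
    [ -r "$file" ] || return 0          # port carries no security notice
    case $phase in
        pre-fetch|post-install) ;;
        *) echo "unknown phase: $phase" >&2; return 2 ;;
    esac

    # The notice is bracketed by the banner line in both phases.
    echo "****** SECURITY WARNING ******"
    cat "$file"
    echo "****** SECURITY WARNING ******"

    # Post-install only repeats the notice: nothing is left to abort.
    [ "$phase" = pre-fetch ] || return 0

    if [ "$serious" = yes ]; then
        # Serious notices stop and wait for an explicit answer;
        # EOF or anything other than y/yes counts as "no".
        printf 'Continue building this port? [y/N] '
        read -r answer || answer=
        case $answer in
            [yY]|[yY][eE][sS]) return 0 ;;
            *) return 1 ;;
        esac
    fi
    echo "Press ^C if this is not acceptable"
}

# Constructed sample notice, using wording quoted in the message.
demo=$(mktemp)
echo "This port installs a setuid root binary which has not been audited." > "$demo"
show_security_notice pre-fetch "$demo"
show_security_notice post-install "$demo"
rm -f "$demo"
```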


