Date: 06 Aug 2003 18:00:49 -0400 From: Lowell Gilbert <freebsd-security-local@be-well.no-ip.com> To: freebsd@critesclan.com Cc: freebsd-security@freebsd.org Subject: Re: statically compiled files left over after a 'make world' Message-ID: <44llu6v432.fsf@be-well.ilk.org> In-Reply-To: <HCEOIHDIFOIIAGKAGBCHEENICMAA.freebsd@critesclan.com> References: <HCEOIHDIFOIIAGKAGBCHEENICMAA.freebsd@critesclan.com>
next in thread | previous in thread | raw e-mail | index | archive | help
<freebsd@critesclan.com> writes: > I'm not sure if there is a "deal" to be made over this, but the question > still remains. What do you do with those programs that have not been rebuilt > in a buildworld? Are they security risks? Are they simply things missed in > the make, and someone needs to add them in? > > The impression I have is that anything not rebuilt after the above process > is an error condition that should be addressed. Am I wrong? With a couple of exceptions, you're right. The exceptions, however, are important. One is programs that weren't in the base system to begin with; there are again two types of these: those that have been mistakenly installed to base system directories (this occasionally happens with broken ports), and /stand, which is installed by the initial install but is not part of the base system (if you want an updated version, you have to build it separately). The other exception is things that *used* to be in the base system, but have been removed. These (an example is kernfs support) can be safely removed, but there is currently no mechanism to do so automatically.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44llu6v432.fsf>