[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Miscellaneous things.
It seems that most programs in ports would not be a security issue anyway,
(excepting, of course, the suid progs and daemons), so security auditing
of quite a few programs would simply be looking for that...
On Fri, 24 Sep 1999, Christian Edward Gruber wrote:
> Is there logic in the makefiles to constrain builds based on desired
> security levels? Perhaps some sort of negative incentive whereby the
> default security level excludes most ports unless you set a
> "DESIRED_PORT_SEC_LEVEL" variable to a less constrained number could be
> implemented. This would require everyone installing the ports tree afresh
> to at least pay attention to the issue. (Though arguably they wouldn't be
> bothering to use OpenBSD unless they cared... you'd think.)
> -----Original Message-----
> From: firstname.lastname@example.org [mailto:email@example.com]On Behalf Of
> Marc Espie
> Sent: Friday, September 24, 1999 5:04 PM
> To: firstname.lastname@example.org
> Subject: Re: Miscellaneous things.
> On Sat, Sep 25, 1999 at 02:37:39AM +0300, Toomas Kiisk wrote:
> > N months ago somebody proposed adding X/Y/pkg/SECURITY file to
> > ports/ tree. This was an excellent idea. If porter has made 0
> > security checks, then at least package should be marked as such.
> That was me.
> There are 12 SECURITY files in the ports tree so far, out of 568 ports.
> The rest has not been audited, or no one bothered to mention it.
> Marc Espie
> |anime, sf, juggling, unicycle, acrobatics, comics...
> |AmigaOS, OpenBSD, C++, perl, Icon, PostScript...
> | `real programmers don't die, they just get out of beta'