
RE: Miscellaneous things.



It seems that most programs in ports would not be a security issue anyway
(excepting, of course, the suid progs and daemons), so security auditing
of quite a few programs would simply be looking for that...


On Fri, 24 Sep 1999, Christian Edward Gruber wrote:

> Is there logic in the makefiles to constrain builds based on desired
> security levels?  Perhaps some sort of negative incentive whereby the
> default security level excludes most ports unless you set a
> "DESIRED_PORT_SEC_LEVEL" variable to a less constrained number could be
> implemented.  This would require everyone installing the ports tree afresh
> to at least pay attention to the issue. (Though arguably they wouldn't be
> bothering to use OpenBSD unless they cared... you'd think.)
> 
> cg.
> 
> -----Original Message-----
> From: owner-misc_(_at_)_openbsd_(_dot_)_org [mailto:owner-misc_(_at_)_openbsd_(_dot_)_org]On Behalf Of
> Marc Espie
> Sent: Friday, September 24, 1999 5:04 PM
> To: misc_(_at_)_openbsd_(_dot_)_org
> Subject: Re: Miscellaneous things.
> 
> 
> On Sat, Sep 25, 1999 at 02:37:39AM +0300, Toomas Kiisk wrote:
> > N months ago somebody proposed adding an X/Y/pkg/SECURITY file to the
> > ports/ tree. This was an excellent idea. If the porter has made 0
> > security checks, then at least the package should be marked as such.
> 
> That was me.
> 
> There are 12 SECURITY files in the ports tree so far, out of 568 ports.
> 
> The rest has not been audited, or no one bothered to mention it.
> 
> --
> 	Marc Espie
> |anime, sf, juggling, unicycle, acrobatics, comics...
> |AmigaOS, OpenBSD, C++, perl, Icon, PostScript...
> | `real programmers don't die, they just get out of beta'
>