From 369fcbb329b57482e2de439fdd52cd9c22d4a3a8 Mon Sep 17 00:00:00 2001 From: Will Andrews Date: Mon, 3 Sep 2001 17:48:23 +0000 Subject: Add a message to the port/package warning users about kcheckpass's setuid root bit, which is off by default. The purpose is to avoid having users who don't use kcheckpass become vulnerable to a root exploit. For more details see the actual pkg-message. Bump PORTREVISION to reflect this change in the package. As a side note, I'm a little wary about adding something like this so close to the ports freeze for 4.4-RELEASE. However, I decided that it was a minimal risk and went ahead with it in the hopes of avoiding the need for users to run into this "problem" themselves... --- x11/kdebase4-workspace/pkg-message | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 x11/kdebase4-workspace/pkg-message (limited to 'x11/kdebase4-workspace/pkg-message') diff --git a/x11/kdebase4-workspace/pkg-message b/x11/kdebase4-workspace/pkg-message new file mode 100644 index 000000000000..1869be60abfa --- /dev/null +++ b/x11/kdebase4-workspace/pkg-message 
@@ -0,0 +1,21 @@ + +************************** I M P O R T A N T **************************** + +This package (kdebase2) installs a program called kcheckpass which is +used by kdm or screensavers to check the user's password. This activity +requires it to be setuid root. However, for security reasons, FreeBSD +leaves the setuid bit on this binary off by default, for several reasons. +First, some people may not use screensavers or kdm at all. Second, +others may choose to use a different screensaver or display manager +utility. And finally, there may be holes in kcheckpass which can be +exploited to gain root privileges. FreeBSD chooses not to take that risk +with the default package. If you decide that you need it setuid root, +you can make it so: + + chmod u+s ${PREFIX}/bin/kcheckpass + +..where ${PREFIX} is the prefix where this package was installed. It is +typically /usr/local but may also be /usr/X11R6 or /usr. + +************************** I M P O R T A N T **************************** + -- cgit v1.2.3
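Review bot: The message says password checking "requires it to be setuid root" but never states what the user will observe while the bit is off, so someone whose kdm login or screensaver unlock fails has nothing tying that symptom to this notice. Consider adding one sentence naming the visible effect of the default, placed just before "If you decide that you need it setuid root". Next to the `chmod u+s ${PREFIX}/bin/kcheckpass` line it would also help to give the reverse command (`chmod u-s`) so the change is easy to undo, and to note that the bit has to be set again after the package is reinstalled or upgraded, since the default package ships it off. Two wording points in the same hunk: "for security reasons, FreeBSD leaves the setuid bit on this binary off by default, for several reasons" repeats itself and can drop the first clause, and the text names the package as "kdebase2" while the file is created under x11/kdebase4-workspace, so confirm the name matches the port that installs this message.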