Add an install-time warning about insecurity of this port - it has local

exploits yielding user uucp, but due to the nature of the software probably isn't going to be widely used on multi-user systems.
svn path=/head/; revision=38183
2024-11-25 00:51:21 +00:00 · 2001-02-10 22:36:48 +00:00 · 2001-02-10 22:36:48 +00:00 · cf7b5ec93d · 2021-03-31 03:12:20 +00:00
commit cf7b5ec93d
parent b1e089f2d8
2 changed files with 14 additions and 0 deletions
--- a/graphics/camediaplay/Makefile
+++ b/graphics/camediaplay/Makefile
@ -19,6 +19,11 @@ MAN1=	camediaplay.1

 DOC=	README.english README.japanese PROTOCOL

+pre-fetch:
+.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
+	${SH} pkg-install
+.endif
+
 post-install:
 	${MKDIR} ${PREFIX}/share/doc/camediaplay
 	for i in ${DOC}; do \
--- a/graphics/camediaplay/pkg-install
+++ b/graphics/camediaplay/pkg-install
@ -0,0 +1,9 @@
+#!/bin/sh
+
+if [ "$2" = "POST-INSTALL" -o -n "${PACKAGE_BUILDING}" ]; then
+  exit 0
+fi
+
+/usr/bin/dialog --yesno "SECURITY NOTE: This port is not safe to install on multi-user systems containing untrusted users - it is vulnerable to a local buffer overflow and format string vulnerability which allow an attacker to obtain access to the uucp user.  Do you wish to proceed with the installation of the software anyway?" 9 70 || /usr/bin/false
+
+