mirror of
https://git.FreeBSD.org/ports.git
synced 2024-10-25 21:07:40 +00:00
369fcbb329
setuid root bit, which is off by default. The purpose is to avoid having users who don't use kcheckpass become vulnerable to a root exploit. For more details see the actual pkg-message. Bump PORTREVISION to reflect this change in the package. As a side note, I'm a little wary about adding something like this so close to the ports freeze for 4.4-RELEASE. However, I decided that it was a minimal risk and went ahead with it in the hopes of avoiding the need for users to run into this "problem" themselves...
22 lines
978 B
Plaintext
22 lines
978 B
Plaintext
|
|
************************** I M P O R T A N T ****************************
|
|
|
|
This package (kdebase2) installs a program called kcheckpass which is
|
|
used by kdm or screensavers to check the user's password. This activity
|
|
requires it to be setuid root. However, for security reasons, FreeBSD
|
|
leaves the setuid bit on this binary off by default, for several reasons.
|
|
First, some people may not use screensavers or kdm at all. Second,
|
|
others may choose to use a different screensaver or display manager
|
|
utility. And finally, there may be holes in kcheckpass which can be
|
|
exploited to gain root privileges. FreeBSD chooses not to take that risk
|
|
with the default package. If you decide that you need it setuid root,
|
|
you can make it so:
|
|
|
|
chmod u+s ${PREFIX}/bin/kcheckpass
|
|
|
|
..where ${PREFIX} is the prefix where this package was installed. It is
|
|
typically /usr/local but may also be /usr/X11R6 or /usr.
|
|
|
|
************************** I M P O R T A N T ****************************
|
|
|