1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-23 04:23:08 +00:00
freebsd-ports/x11/kde4-workspace/pkg-message
Will Andrews 369fcbb329 Add a message to the port/package warning users about kcheckpass's
setuid root bit, which is off by default.  The purpose is to avoid
having users who don't use kcheckpass become vulnerable to a root
exploit.  For more details see the actual pkg-message.  Bump PORTREVISION
to reflect this change in the package.

As a side note, I'm a little wary about adding something like this so
close to the ports freeze for 4.4-RELEASE.  However, I decided that it
was a minimal risk and went ahead with it in the hopes of avoiding the
need for users to run into this "problem" themselves...
2001-09-03 17:48:23 +00:00

22 lines
978 B
Plaintext

************************** I M P O R T A N T ****************************
This package (kdebase2) installs a program called kcheckpass which is
used by kdm or screensavers to check the user's password. This activity
requires it to be setuid root. However, for security reasons, FreeBSD
leaves the setuid bit on this binary off by default, for several reasons.
First, some people may not use screensavers or kdm at all. Second,
others may choose to use a different screensaver or display manager
utility. And finally, there may be holes in kcheckpass which can be
exploited to gain root privileges. FreeBSD chooses not to take that risk
with the default package. If you decide that you need it setuid root,
you can make it so:
chmod u+s ${PREFIX}/bin/kcheckpass
..where ${PREFIX} is the prefix where this package was installed. It is
typically /usr/local but may also be /usr/X11R6 or /usr.
************************** I M P O R T A N T ****************************