World-writable files installed by ports
Kris Kennaway
kris at obsecurity.org
Thu Aug 31 14:19:28 UTC 2006
On Thu, Aug 31, 2006 at 06:15:18PM +0400, Andrew Pantyukhin wrote:
> Under no circumstances should a port install world-writable
> files or directories. In most cases this opens the system to all
> kinds of attacks. A simple grep brings the following list of
> makefiles to attention. I imagine that samba ports are
> somehow justified, as for the other ones, I hope secteam and
> committers will do something about them.
The install process will warn about this (as well as group writable),
so you can also grep for the warning message in the pointyhat logs.
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20060831/32335f03/attachment.pgp
More information about the freebsd-ports
mailing list