[ports] finding an orphan to maintain

[Roland Smith]

On Wed, Jan 11, 2017 at 12:53:02PM +0100, Damien Fleuriot wrote:
> Thanks for the additional input Roland.
> 
> I currently have my eye on shells/lshell, which we use here on
> 10-STABLE for PCI-DSS compliance (restricting and logging commands).

In this case you might want to look at auditing;
https://www.freebsd.org/doc/handbook/audit.html

While the handbook explains how it works, I haven't really found good examples
of its use.

> It so happens the current (0.9.16_2) version on FreeBSD suffers from a
> nasty case of shell escape :
> https://github.com/ghantoos/lshell/issues/151
> root:~$ echo () sh && echo
> #
> ^-- uh oh...

Oops.

Looking at the discussion of the issue, I get the impression that there are
some fundamental problems with the way lshell parses and executes commands.

> I cannot seem to reproduce when using the latest master branch, and am
> seeking confirmation in the bug thread that I'm actually trying to
> reproduce correctly.
>
> If it should transpire that the problem is indeed fixed in the master,
> I shall try and update the port to the latest version.

The port now uses SourceForge, which is getting a bad reputation these days
for adding crap to binary installers. This is probably not an issue with
tarballs, but it makes me wonder if they are still trustworthy.  You might
want to consider switching to github. If you do, read
/usr/ports/Mk/bsd.sites.mk on how to properly do that in the port Makefile.

Roland
-- 
R.F.Smith                                   http://rsmith.home.xs4all.nl/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 5753 3324 1661 B0FE 8D93  FCED 40F6 D5DC A38A 33E0 (keyID: A38A33E0)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20170112/145f26fa/attachment.sig>