statically compiled files left over after a 'make world'
Marcus Reid
marcus at blazingdot.com
Mon Aug 11 13:28:43 PDT 2003
On Wed, Aug 06, 2003 at 06:00:49PM -0400, Lowell Gilbert wrote:
> <freebsd at critesclan.com> writes:
>
> > I'm not sure if there is a "deal" to be made over this, but the question
> > still remains. What do you do with those programs that have not been rebuilt
> > in a buildworld? Are they security risks? Are they simply things missed in
> > the make, and someone needs to add them in?
> >
> > The impression I have is that anything not rebuilt after the above process
> > is an error condition that should be addressed. Am I wrong?
>
> With a couple of exceptions, you're right. The exceptions, however,
> are important. One is programs that weren't in the base system to
> begin with; there are again two types of these: those that have been
> mistakenly installed to base system directories (this occasionally
> happens with broken ports), and /stand, which is installed by the
> initial install but is not part of the base system (if you want an
> updated version, you have to build it separately). The other
> exception is things that *used* to be in the base system, but have
> been removed. These (an example is kernfs support) can be safely
> removed, but there is currently no mechanism to do so automatically.

It's a fairly time-consuming process, but on occasion I like to
do a 'make world DESTDIR=$D' where D is an optional install root,
and then compare the resulting tree with the real root and remove
any cruft that might be lying around. AFAIK this is the only way
to accomplish this.

Marcus
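
The tree comparison described in the message above, as an added example that is not part of the original post: a POSIX sh function that lists files under the live root that have no counterpart in the 'make world DESTDIR=$D' tree. The function names, the script name, the directory list and the sample file names are assumptions, and the demo trees are constructed.

```shell
#!/bin/sh
# list_cruft STAGED LIVE DIR...
# Print every file or symlink under LIVE/DIR that has no counterpart at the
# same relative path under STAGED (the tree produced by
# 'make world DESTDIR=$D'). It only reports; nothing is deleted.
list_cruft() {
    staged=$1
    live=$2
    shift 2
    for dir in "$@"; do
        # Skip directories that do not exist in the live root.
        [ -d "$live/$dir" ] || continue
        # -xdev keeps find on the file system the directory lives on.
        (cd "$live" && find "$dir" -xdev \( -type f -o -type l \) -print) |
        while IFS= read -r rel; do
            # -e follows symlinks, so -L is also checked to accept a
            # dangling symlink in the staged tree as "present".
            if [ ! -e "$staged/$rel" ] && [ ! -L "$staged/$rel" ]; then
                printf '%s\n' "$rel"
            fi
        done
    done | sort
}

# Constructed sample trees (not a real FreeBSD install) showing the output.
demo_constructed() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/staged/bin" "$t/staged/sbin" "$t/live/bin" "$t/live/sbin"
    : > "$t/staged/bin/ls";     : > "$t/live/bin/ls"
    : > "$t/staged/sbin/mount"; : > "$t/live/sbin/mount"
    : > "$t/live/sbin/kernfs_leftover"   # stands in for a removed base tool
    : > "$t/live/bin/portthing"          # stands in for a stray port install
    list_cruft "$t/staged" "$t/live" bin sbin
    rm -rf "$t"
}

# Run against real trees only when arguments are given, for example:
#   sh cruft.sh "$D" / bin sbin usr/bin usr/sbin
# (script name and directory list are assumptions)
if [ "$#" -ge 3 ]; then
    list_cruft "$@"
fi
```

If /stand is included in the directory list it will be reported, as will anything a port installed into a base system directory, so the output is a review list rather than a delete list.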