tech-pkg archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Improving security for pkgsrc
Hi,
On 07/30/15 10:26, Thomas Klausner wrote:
> On Thu, Jul 30, 2015 at 02:04:34AM +0200, Pierre Pronchery wrote:
>> As before, I will welcome your feedback while trying to get this
>> integrated.
>
> The whole patch looks like it will only work when you do 'make
> install', but not with pkg_add. You will need INSTALL script fragments
> for that.
I have tried both "make install" and "make package", and it worked in
both cases. Please correct me if I am wrong, but it seems that even if
destdir is not supported, the framework always installs files from the
staging area in ${WRKSRC}/${DESTDIR}. The executables are marked by
paxctl(8) permanently there. This is unlike chmod(1) for instance, which
does not modify the original file.
Reading the manual page for paxctl(8), it mentions that marking
executables should "be done using fileassoc(9) in the future" - which
would then behave like chmod(1) does. We are not yet there though, at
least on NetBSD. I do not know about other platforms in this regard.
Cheers,
--
khorben
Home |
Main Index |
Thread Index |
Old Index