tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Improving security for pkgsrc

			Hi tech-pkg@,

On 03/08/2015 14:31, Greg Troxel wrote:
>> I have tried both "make install" and "make package", and it worked in
>> both cases. Please correct me if I am wrong, but it seems that even if
>> destdir is not supported, the framework always installs files from the
>> staging area in ${WRKSRC}/${DESTDIR}. The executables are marked by
>> paxctl(8) permanently there. This is unlike chmod(1) for instance, which
>> does not modify the original file.
> In general, is the notion that paxctl changes the actual binary, and
> there is no state anywhere else?

With the current implementation on NetBSD yes.

> Did you build a binary package, copy it to a different machine, and run
> it there?  I think that should work, but it's an obvious test to do.

I can confirm that it works.

> If destdir is not supported (which is getting to be a more and more
> unusual case), then the files are installed from WRKDIR into PREFIX.

That is what I observed, and it worked fine for me.

Can I commit this patch then?


Home | Main Index | Thread Index | Old Index