Re: Port installs a lot of security risks.
On 07/08/12 21:06, Benjamin wrote:
hmmm, I searched for the warning - it doesn't seem common (according to google). I assume this is bad.

Curious. My original post didn't seem to be received by the list - was it because I included an attachment? The original post is below in any case. I'll spill the contents of the attachment below the original post.

On 07/08/12 20:50, Benjamin wrote:
I am porting the Quartus II software design package released by Altera for Linux. This is my first port, and I've had some great help from this list already.

Another question though. I've made the pkg-plist as per the instructions in the porter's handbook. When I install the port, I get a list of "vulnerabilities" that is quite big. I've attached it as a text file.

There are also a lot of files that are under:

"This port has installed the following world-writable files/directories."

What does this message mean?

___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

===> Registering installation for quartus_ii-11.1
===> SECURITY REPORT:
This port has installed the following files which may act as network servers and may therefore pose a remote security risk to the system.
Port installs a lot of security risks.
I am porting the Quartus II software design package released by Altera for Linux. This is my first port, and I've had some great help from this list already.

Another question though. I've made the pkg-plist as per the instructions in the porter's handbook. When I install the port, I get a list of "vulnerabilities" that is quite big. I've attached it as a text file.

There are also a lot of files that are under:

"This port has installed the following world-writable files/directories."

What does this message mean?

===> Registering installation for quartus_ii-11.1
===> SECURITY REPORT:
This port has installed the following files which may act as network servers and may therefore pose a remote security risk to the system.
/usr/local/altera/quartus/linux/perl/bin/perl
/usr/local/altera/nios2eds/components/altera_nios2/eperl.bin (USES POSSIBLY INSECURE FUNCTIONS: tmpnam)
/usr/local/altera/ip/altera/sopc_builder_ip/altera_mp32/eperl.bin (USES POSSIBLY INSECURE FUNCTIONS: tmpnam)
/usr/local/altera/quartus/linux/libsys_cpt.so
/usr/local/altera/nios2eds/bin/nios2-gdb-server-wrapped
/usr/local/altera/quartus/linux/tcl8.5/tls1.6/libtls1.6.so
/usr/local/altera/quartus/linux/libpgm_pgme.so
/usr/local/altera/quartus/linux/jtagd
/usr/local/altera/quartus/linux/jre/lib/i386/libnet.so
/usr/local/altera/quartus/common/ip/altera/common/ip_toolbench/v1.3.0/linux/ip_toolbench/v1.3.0/bin/libeperl.so (USES POSSIBLY INSECURE FUNCTIONS: tmpnam)
/usr/local/altera/nios2eds/bin/linux/nios2-iss
/usr/local/altera/nios2eds/bin/nios2-terminal-wrapped
/usr/local/altera/quartus/linux/jre/lib/i386/libdt_socket.so
/usr/local/altera/ip/altera/nios2_ip/altera_nios2/eperl.bin (USES POSSIBLY INSECURE FUNCTIONS: tmpnam)
/usr/local/altera/quartus/linux/libtcl8.5.so
/usr/local/altera/quartus/linux/jre/lib/i386/server/libjvm.so
/usr/local/altera/quartus/linux/jre/javaws/javaws (USES POSSIBLY INSECURE FUNCTIONS: tempnam)
/usr/local/altera/nios2eds/bin/linux/libaltera_avalon_uart.so
/usr/local/altera/quartus/linux/lmgrd
/usr/local/altera/quartus/common/ip/altera/common/ip_toolbench/v1.3.0/bin/libeperl.so (USES POSSIBLY INSECURE FUNCTIONS: tmpnam)
/usr/local/altera/nios2eds/bin/linux/libaltera_avalon_jtag_uart.so
/usr/local/altera/ip/altera/sopc_builder_ip/altera_avalon_jtag_phy/libbytestream_pli.so
/usr/local/altera/quartus/common/ip/altera/common/ip_toolbench/v1.3.0/linux/devtools/bin/perl (USES POSSIBLY INSECURE FUNCTIONS: tmpnam)
/usr/local/altera/ip/altera/sopc_builder_ip/altera_mp32/libeperl.so (USES POSSIBLY INSECURE FUNCTIONS: tmpnam)
/usr/local/altera/quartus/linux/libQtNetwork.so.4
/usr/local/altera/quartus/linux/jre/lib/i386/client/libjvm.so
/usr/local/altera/quartus/linux/jre/lib/i386/motif21/libmawt.so
/usr/local/altera/quartus/linux/jre/lib/i386/native_threads/libhpi.so
/usr/local/altera/quartus/linux/alterad
/usr/local/altera/nios2eds/components/altera_nios2/libeperl.so (USES POSSIBLY INSECURE FUNCTIONS: tmpnam)
/usr/local/altera/quartus/linux/jre/lib/i386/libnio.so
/usr/local/altera/quartus/cusp/bin/libcusp111_parser.so (USES POSSIBLY INSECURE FUNCTIONS: tmpnam)
/usr/local/altera/quartus/linux/jre/lib/i386/libdeploy.so (USES POSSIBLY INSECURE FUNCTIONS: tmpnam)
/usr/local/altera/quartus/linux/jre/bin/javaws (USES POSSIBLY INSECURE FUNCTIONS: tempnam)
/usr/local/altera/quartus/linux/quartus_sh (USES POSSIBLY INSECURE FUNCTIONS: mktemp)
/usr/local/altera/quartus/linux/lmutil
/usr/local/altera/quartus/linux/libjtag_pli-blaster_vpi.so
/usr/local/altera/quartus/common/ip/altera/common/ip_toolbench/v1.3.0/linux/devtools/bin/libeperl.so (USES POSSIBLY INSECURE FUNCTIONS: tmpnam)
/usr/local/altera/ip/altera/nios2_ip/altera_nios2/libeperl.so (USES POSSIBLY INSECURE FUNCTIONS: tmpnam)
/usr/local/altera/ip/altera/common/ip_toolbench/v1.3.0/bin/libeperl.so (USES POSSIBLY INSECURE FUNCTIONS: tmpnam)

This port has installed the following world-writable files/directories.
/usr/local/altera/nios2eds/documents/gnu-tools/libstdc++-v3/19_diagnostics/howto.html
/usr/local/altera/quartus/sopc_builder/bin/europa/e_cpu_fifo.pm
/usr/local/altera/quartus/common/tcl/packages/dse/dse-stratixiii-lib.tcl
/usr/local/altera/nios2eds/documents/gnu-tools/libstdc++-v3/22_locale/locale.html
/usr/local/altera/quartus/common/tcl/internal/qsimlib_comp.tcl
/usr/local/altera/quartus/sopc_builder/bin/europa/e_atlantic_slave.pm
/usr/local/altera/nios2eds/documents/gnu-tools/gcc/M680x0-Options.html
/usr/local/altera/quartus/sopc_builder/bin/europa/class_ptf_update_to_2_0.pl
/usr/local/altera/nios2eds/documents/gnu-tools/gcc/MCore-Options.html
/usr/local/altera/nios2eds/documents/gnu-tools/cpp/fdollars-in-identifiers.html
/usr/local/altera/quartus/common/tcl/apps/dtw/dtw_circuit.tcl
/usr/local/altera/quartus/common/tcl/packages/qpm/qpm-extra-pkg.tcl
/usr/local/altera/nios2eds/documents/gnu-tools/cpp/Environment-Variables.html
/usr/local/altera/nios2eds/documents/gnu-tools/gcc/Dollar-Signs.html
/usr/local/altera/quartus/sopc_builder/bi
Re: Port installs a lot of security risks.
On 8 July 2012 10:06, Benjamin wrote:
> hmmm, I searched for the warning - it doesn't seem common (according to
> google). I assume this is bad.
>>
>> "This port has installed the following world-writable files/directories."
>>
>> What does this message mean?
>

It means that some of the files that it has installed are permission ugo+w. This may or may not be a problem -- would you care if any random user edited these? I mean ANY user!

Chris
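
The world-writable condition described in the reply above can be audited and corrected over an installed tree. The script below is an added example, not part of the thread and not the ports framework's own check; the function names and the constructed demo tree are assumptions, it tests only the other-write bit (0002), and it leaves sticky directories alone as intentional shared space.

```sh
#!/bin/sh
# Added example: audit a tree (e.g. a port's install prefix) for entries
# that any local user may modify, then drop only the "other" write bit.

# Regular files and non-sticky directories with o+w set. Symlinks are
# skipped because their own mode bits are not what access checks use.
list_world_writable() {
    find "$1" \( \( -type f -perm -0002 \) -o \
                 \( -type d -perm -0002 ! -perm -1000 \) \) -print
}

# World-writable directories with the sticky bit (1777-style scratch
# space): reported for review, never changed automatically.
list_sticky_dirs() {
    find "$1" -type d -perm -1002 -print
}

count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Remove o+w and leave owner/group permissions untouched.
strip_world_writable() {
    find "$1" \( \( -type f -perm -0002 \) -o \
                 \( -type d -perm -0002 ! -perm -1000 \) \) \
         -exec chmod o-w {} +
}

# Constructed demo tree; the file names are illustrative only.
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/doc" "$root/scratch"
    : > "$root/doc/howto.html"
    : > "$root/doc/readme.txt"
    chmod 0666 "$root/doc/howto.html"   # flagged: any user can edit it
    chmod 0644 "$root/doc/readme.txt"   # not flagged
    chmod 0777 "$root/doc"              # flagged: any user can add/remove
    chmod 1777 "$root/scratch"          # sticky: listed separately
    echo "world-writable before: $(count_world_writable "$root")"
    strip_world_writable "$root"
    echo "world-writable after:  $(count_world_writable "$root")"
    echo "sticky dirs kept:      $(list_sticky_dirs "$root")"
    rm -rf "$root"
}

# With a directory argument, audit it; with none, run the demo.
if [ "$#" -ge 1 ]; then list_world_writable "$1"; else demo; fi
```
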
Re: Port installs a lot of security risks.
hmmm, I searched for the warning - it doesn't seem common (according to google). I assume this is bad.

On 07/08/12 20:50, Benjamin wrote:
I am porting the Quartus II software design package released by Altera for Linux. This is my first port, and I've had some great help from this list already.

Another question though. I've made the pkg-plist as per the instructions in the porter's handbook. When I install the port, I get a list of "vulnerabilities" that is quite big. I've attached it as a text file.

There are also a lot of files that are under:

"This port has installed the following world-writable files/directories."

What does this message mean?