misc/145261: [build] 8.0-R source doesn't respect
WITHOUT_TOOLCHAIN as src.conf(5) says
Gergely CZUCZY
gergely.czuczy at harmless.hu
Wed Nov 24 07:20:22 UTC 2010
Hello,
This PR also stands for 8.1.
So the tools that shouldn't be installed:
gcc, g++, ld, cc, c++, c++filt, basically.
And also /usr/include should be omitted.
My basic concept is, jailed services shouldn't have a toolchain that's
suitable for building code, such as exploits or so, when an intrusion
happens.
Thanks for noticing this PR.
Best regards,
Gergely
On Wed, 24 Nov 2010 00:36:52 GMT
arundel at FreeBSD.org wrote:
> Synopsis: [build] 8.0-R source doesn't respect WITHOUT_TOOLCHAIN as
> src.conf(5) says
>
> State-Changed-From-To: open->feedback
> State-Changed-By: arundel
> State-Changed-When: Wed Nov 24 00:35:16 UTC 2010
> State-Changed-Why:
> Which tools are included exactly which you think shouldn't be?
>
> usr.bin/Makefile defines the following:
>
> .if ${MK_TOOLCHAIN} != "no"
> SUBDIR+= ar
> SUBDIR+= c89
> SUBDIR+= c99
> SUBDIR+= compile_et
> SUBDIR+= ctags
> SUBDIR+= file2c
> SUBDIR+= gprof
> SUBDIR+= indent
> SUBDIR+= lex
> SUBDIR+= mkstr
> SUBDIR+= rpcgen
> SUBDIR+= unifdef
> SUBDIR+= xlint
> SUBDIR+= xstr
> # XXX maybe under textproc?
> SUBDIR+= vgrind
> SUBDIR+= yacc
> .endif
>
> ...so these shouldn't be included.
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=145261
--
Sincerely,
Gergely CZUCZY
Harmless Digital Bt
+36-30-9702963
More information about the freebsd-bugs
mailing list