ports/148911: maintainer update: mark security/isolate forbidden due to security issue

Steve Wills steve at mouf.net
Sat Jul 24 19:50:09 UTC 2010


>Number:         148911
>Category:       ports
>Synopsis:       maintainer update: mark security/isolate forbidden due to security issue
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jul 24 19:50:08 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Steve Wills
>Release:        8.1-RC2
>Organization:
>Environment:
>Description:
The security/isolate port currently suffers from local root privilege escalation problems. It should not be used. The attached patch marks it forbidden. It also marks it broken on pre-8.x due to the lack of the unlinkat (and openat) syscalls, in preparation for when the security issue is fixed.
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

diff -ruN security/isolate.orig/Makefile security/isolate/Makefile
--- security/isolate.orig/Makefile	2010-07-24 15:35:34.963084308 -0400
+++ security/isolate/Makefile	2010-07-24 15:38:47.628535561 -0400
@@ -24,8 +24,10 @@
 
 .include <bsd.port.pre.mk>
 
-.if ${OSVERSION} < 700025
-IGNORE=	does not compile (needs gelf.h)
+.if ${OSVERSION} < 800000
+IGNORE=	does not compile (needs unlinkat)
 .endif
 
+FORBIDDEN=      isolate currently suffers from local root privilege escallation bugs
+
 .include <bsd.port.post.mk>
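
Review bot: the added FORBIDDEN line misspells "escalation" as "escallation" and pads the assignment with spaces where the IGNORE line just above it uses a tab; suggest `FORBIDDEN=	isolate currently suffers from local root privilege escalation bugs` with a tab after the equals sign. The message also gives a user who hits it no pointer to an advisory, report or other description of the issue, so a short reference in the string would help if one exists. In the same hunk the new IGNORE text names only unlinkat, while the submission says openat is missing as well; "needs unlinkat and openat" would match the description. The old `< 700025` gelf.h condition is covered by the new `< 800000` bound, so dropping it loses nothing.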


>Release-Note:
>Audit-Trail:
>Unformatted:


