statically compiled files left over after a 'make world'
Lowell Gilbert
freebsd-security-local at be-well.no-ip.com
Wed Aug 6 15:00:55 PDT 2003
<freebsd at critesclan.com> writes:
> I'm not sure if there is a "deal" to be made over this, but the question
> still remains. What do you do with those programs that have not been rebuilt
> in a buildworld? Are they security risks? Are they simply things missed in
> the make, and someone needs to add them in?
>
> The impression I have is that anything not rebuilt after the above process
> is an error condition that should be addressed. Am I wrong?
With a couple of exceptions, you're right. The exceptions, however,
are important. One is programs that weren't in the base system to
begin with; there are again two types of these: those that have been
mistakenly installed to base system directories (this occasionally
happens with broken ports), and /stand, which is installed by the
initial install but is not part of the base system (if you want an
updated version, you have to build it separately). The other
exception is things that *used* to be in the base system, but have
been removed. These (an example is kernfs support) can be safely
removed, but there is currently no mechanism to do so automatically.
More information about the freebsd-security
mailing list