diff options
| author | Eric Anholt <anholt@FreeBSD.org> | 2004-06-19 05:51:45 +0000 |
|---|---|---|
| committer | Eric Anholt <anholt@FreeBSD.org> | 2004-06-19 05:51:45 +0000 |
| commit | 0c7c8dd0cf0f931f2b04a1452c656c4f10f600e3 (patch) | |
| tree | fdd9239b3716af7d62594fcc452fa53806f9ad48 /x11-servers/xorg-server-snap | |
| parent | e4960c6a55632ed48152aae6195722d8dc1d3022 (diff) | |
| download | ports-0c7c8dd0cf0f931f2b04a1452c656c4f10f600e3.tar.gz ports-0c7c8dd0cf0f931f2b04a1452c656c4f10f600e3.zip | |
- Install the server setuid by default. The x11/wrapper/files/wrapper.c code
is already in the server. I can't even imagine a situation where running an
X server (which is run as root, mind you) is ok, while having a setuid X
server with arguments and environment checking ala wrapper.c is not. But put
an option in anyway.
- Include the SERVER_PATCHES define needed for the new server ports.
Notes
Notes:
svn path=/head/; revision=111782
Diffstat (limited to 'x11-servers/xorg-server-snap')
| -rw-r--r-- | x11-servers/xorg-server-snap/Makefile | 22 | ||||
| -rw-r--r-- | x11-servers/xorg-server-snap/Makefile.inc | 11 | ||||
| -rw-r--r-- | x11-servers/xorg-server-snap/pkg-message | 5 | ||||
| -rw-r--r-- | x11-servers/xorg-server-snap/scripts/configure | 2 |
4 files changed, 27 insertions, 13 deletions
diff --git a/x11-servers/xorg-server-snap/Makefile b/x11-servers/xorg-server-snap/Makefile index a067d4875f0c..633eccce0fbf 100644 --- a/x11-servers/xorg-server-snap/Makefile +++ b/x11-servers/xorg-server-snap/Makefile @@ -7,7 +7,7 @@ PORTNAME= server PORTVERSION= 6.7.0 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= x11-servers MASTER_SITES= http://freedesktop.org/~xorg/X11R6.7.0/src/ PKGNAMEPREFIX= xorg- @@ -112,14 +112,22 @@ MAN4+= apm.4 \ PLIST_SUB+= I386="@comment " .endif +.if !defined(NO_SUID_XSERVER) || ${NO_SUID_XSERVER} == NO +pre-everything:: + @${ECHO_MSG} "By default, the X Server installs as a set-user-id root binary. When run by" + @${ECHO_MSG} "a normal user, it checks arguments and environment as done in the x11/wrapper" + @${ECHO_MSG} "port before handling them normally. If you are concerned about the security" + @${ECHO_MSG} "of this, but still want to run an X Server (for example using xdm/kdm/gdm, which" + @${ECHO_MSG} "will still run the server as root), you can cancel the build and set" + @${ECHO_MSG} "NO_SUID_XSERVER=YES in /etc/make.conf." + +SCRIPTS_ENV+= SUID_XSERVER=YES +.else +SCRIPTS_ENV+= SUID_XSERVER=NO +.endif + post-build: @${RM} -f ${PKGMESSAGE} @${CAT} ${.CURDIR}/pkg-message >> ${PKGMESSAGE} -post-install:: - @${SED} -e s,/usr/X11R6,${PREFIX}, ${PKGMESSAGE} - @if [ -f ${PREFIX}/bin/Xwrapper-4 ] ; then \ - ${LN} -sf Xwrapper-4 ${PREFIX}/bin/X; \ - fi; - .include <bsd.port.post.mk> diff --git a/x11-servers/xorg-server-snap/Makefile.inc b/x11-servers/xorg-server-snap/Makefile.inc index a2a51d9857a0..3aab6d3616f6 100644 --- a/x11-servers/xorg-server-snap/Makefile.inc +++ b/x11-servers/xorg-server-snap/Makefile.inc @@ -39,6 +39,17 @@ CF_PATCHES= ${PORTSDIR}/x11-servers/xorg-server/files/patch-FreeBSD.cf \ ${PORTSDIR}/x11-servers/xorg-server/files/patch-X11.rules \ ${PORTSDIR}/x11-servers/xorg-server/files/patch-X11.tmpl +SERVER_PATCHES= ${PORTSDIR}/x11-servers/xorg-server/files/patch-Xserver-Imakefile \ + ${PORTSDIR}/x11-servers/xorg-server/files/patch-bus-Imakefile \ + ${PORTSDIR}/x11-servers/xorg-server/files/patch-fb-renderfixes.diff \ + ${PORTSDIR}/x11-servers/xorg-server/files/patch-kernel-Imakefile \ + ${PORTSDIR}/x11-servers/xorg-server/files/patch-loadmod.c \ + ${PORTSDIR}/x11-servers/xorg-server/files/patch-man-Imakefile \ + ${PORTSDIR}/x11-servers/xorg-server/files/patch-os-Imakefile \ + ${PORTSDIR}/x11-servers/xorg-server/files/patch-savage-pci-id \ + ${PORTSDIR}/x11-servers/xorg-server/files/patch-xf86sym.c \ + ${PORTSDIR}/x11-servers/xorg-server/files/patch-xkbout.c + .if !target(do-configure) do-configure: @cp ${X11BASE}/lib/X11/config/version.def ${WRKSRC}/config/cf diff --git a/x11-servers/xorg-server-snap/pkg-message b/x11-servers/xorg-server-snap/pkg-message deleted file mode 100644 index ea2e24612085..000000000000 --- a/x11-servers/xorg-server-snap/pkg-message +++ /dev/null @@ -1,5 +0,0 @@ -************************************************************************ -* To improve security, the X server is installed without an SUID bit. * -* This is suitable for use with xdm, but not with a startx script. * -* If you need to use a startx script, install the x11/wrapper package. * -************************************************************************ diff --git a/x11-servers/xorg-server-snap/scripts/configure b/x11-servers/xorg-server-snap/scripts/configure index 2f626e29ab35..02215f320916 100644 --- a/x11-servers/xorg-server-snap/scripts/configure +++ b/x11-servers/xorg-server-snap/scripts/configure @@ -3,7 +3,7 @@ LOCALDEF=$WRKDIR/.config rm -f $LOCALDEF -echo "#define InstallXserverSetUID NO" >> $LOCALDEF +echo "#define InstallXserverSetUID ${SUID_XSERVER}" >> $LOCALDEF echo "#define JoystickSupport NO" >> $LOCALDEF echo "#define BuildLBX NO" >> $LOCALDEF echo "#define XnestServer NO" >> $LOCALDEF |