diff options
| author | anholt <anholt@FreeBSD.org> | 2004-06-19 05:51:45 +0000 |
|---|---|---|
| committer | anholt <anholt@FreeBSD.org> | 2004-06-19 05:51:45 +0000 |
| commit | c631192ac55f419658b30d0b53c334aa841e0893 (patch) | |
| tree | 1d61d671b4c3e973e2fcdfd7fd7cda52c32e2804 /x11-servers/xorg-server-snap | |
| parent | 5b137888255d0ca98ff539f3e5eff4953fe8dea9 (diff) | |
| download | FreeBSD-ports-c631192ac55f419658b30d0b53c334aa841e0893.zip FreeBSD-ports-c631192ac55f419658b30d0b53c334aa841e0893.tar.gz | |
- Install the server setuid by default. The x11/wrapper/files/wrapper.c code
is already in the server. I can't even imagine a situation where running an
X server (which is run as root, mind you) is ok, while having a setuid X
server with arguments and environment checking ala wrapper.c is not. But put
an option in anyway.
- Include the SERVER_PATCHES define needed for the new server ports.
Diffstat (limited to 'x11-servers/xorg-server-snap')
| -rw-r--r-- | x11-servers/xorg-server-snap/Makefile | 22 | ||||
| -rw-r--r-- | x11-servers/xorg-server-snap/Makefile.inc | 11 | ||||
| -rw-r--r-- | x11-servers/xorg-server-snap/pkg-message | 5 | ||||
| -rw-r--r-- | x11-servers/xorg-server-snap/scripts/configure | 2 |
4 files changed, 27 insertions, 13 deletions
diff --git a/x11-servers/xorg-server-snap/Makefile b/x11-servers/xorg-server-snap/Makefile index a067d48..633eccc 100644 --- a/x11-servers/xorg-server-snap/Makefile +++ b/x11-servers/xorg-server-snap/Makefile @@ -7,7 +7,7 @@ PORTNAME= server PORTVERSION= 6.7.0 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= x11-servers MASTER_SITES= http://freedesktop.org/~xorg/X11R6.7.0/src/ PKGNAMEPREFIX= xorg- @@ -112,14 +112,22 @@ MAN4+= apm.4 \ PLIST_SUB+= I386="@comment " .endif +.if !defined(NO_SUID_XSERVER) || ${NO_SUID_XSERVER} == NO +pre-everything:: + @${ECHO_MSG} "By default, the X Server installs as a set-user-id root binary. When run by" + @${ECHO_MSG} "a normal user, it checks arguments and environment as done in the x11/wrapper" + @${ECHO_MSG} "port before handling them normally. If you are concerned about the security" + @${ECHO_MSG} "of this, but still want to run an X Server (for example using xdm/kdm/gdm, which" + @${ECHO_MSG} "will still run the server as root), you can cancel the build and set" + @${ECHO_MSG} "NO_SUID_XSERVER=YES in /etc/make.conf." + +SCRIPTS_ENV+= SUID_XSERVER=YES +.else +SCRIPTS_ENV+= SUID_XSERVER=NO +.endif + post-build: @${RM} -f ${PKGMESSAGE} @${CAT} ${.CURDIR}/pkg-message >> ${PKGMESSAGE} -post-install:: - @${SED} -e s,/usr/X11R6,${PREFIX}, ${PKGMESSAGE} - @if [ -f ${PREFIX}/bin/Xwrapper-4 ] ; then \ - ${LN} -sf Xwrapper-4 ${PREFIX}/bin/X; \ - fi; - .include <bsd.port.post.mk> diff --git a/x11-servers/xorg-server-snap/Makefile.inc b/x11-servers/xorg-server-snap/Makefile.inc index a2a51d9..3aab6d3 100644 --- a/x11-servers/xorg-server-snap/Makefile.inc +++ b/x11-servers/xorg-server-snap/Makefile.inc @@ -39,6 +39,17 @@ CF_PATCHES= ${PORTSDIR}/x11-servers/xorg-server/files/patch-FreeBSD.cf \ ${PORTSDIR}/x11-servers/xorg-server/files/patch-X11.rules \ ${PORTSDIR}/x11-servers/xorg-server/files/patch-X11.tmpl +SERVER_PATCHES= ${PORTSDIR}/x11-servers/xorg-server/files/patch-Xserver-Imakefile \ + ${PORTSDIR}/x11-servers/xorg-server/files/patch-bus-Imakefile \ + ${PORTSDIR}/x11-servers/xorg-server/files/patch-fb-renderfixes.diff \ + ${PORTSDIR}/x11-servers/xorg-server/files/patch-kernel-Imakefile \ + ${PORTSDIR}/x11-servers/xorg-server/files/patch-loadmod.c \ + ${PORTSDIR}/x11-servers/xorg-server/files/patch-man-Imakefile \ + ${PORTSDIR}/x11-servers/xorg-server/files/patch-os-Imakefile \ + ${PORTSDIR}/x11-servers/xorg-server/files/patch-savage-pci-id \ + ${PORTSDIR}/x11-servers/xorg-server/files/patch-xf86sym.c \ + ${PORTSDIR}/x11-servers/xorg-server/files/patch-xkbout.c + .if !target(do-configure) do-configure: @cp ${X11BASE}/lib/X11/config/version.def ${WRKSRC}/config/cf diff --git a/x11-servers/xorg-server-snap/pkg-message b/x11-servers/xorg-server-snap/pkg-message deleted file mode 100644 index ea2e246..0000000 --- a/x11-servers/xorg-server-snap/pkg-message +++ /dev/null @@ -1,5 +0,0 @@ -************************************************************************ -* To improve security, the X server is installed without an SUID bit. * -* This is suitable for use with xdm, but not with a startx script. * -* If you need to use a startx script, install the x11/wrapper package. * -************************************************************************ diff --git a/x11-servers/xorg-server-snap/scripts/configure b/x11-servers/xorg-server-snap/scripts/configure index 2f626e2..02215f3 100644 --- a/x11-servers/xorg-server-snap/scripts/configure +++ b/x11-servers/xorg-server-snap/scripts/configure @@ -3,7 +3,7 @@ LOCALDEF=$WRKDIR/.config rm -f $LOCALDEF -echo "#define InstallXserverSetUID NO" >> $LOCALDEF +echo "#define InstallXserverSetUID ${SUID_XSERVER}" >> $LOCALDEF echo "#define JoystickSupport NO" >> $LOCALDEF echo "#define BuildLBX NO" >> $LOCALDEF echo "#define XnestServer NO" >> $LOCALDEF |
