Note documented insecurity of majordomo on multi-user machines.

Pointed out by: bugtraq
svn path=/head/; revision=29190
2000-06-04 23:21:30 +00:00 · 2000-06-04 23:21:30 +00:00 · 84d08be515 · 2021-03-31 03:12:20 +00:00
commit 84d08be515
parent 2e97d535f1
1 changed files with 5 additions and 0 deletions
--- a/mail/majordomo/Makefile
+++ b/mail/majordomo/Makefile
@ -24,6 +24,11 @@ INSTALL_TARGET=	install install-wrapper
 MAN1=		approve.1 bounce-remind.1 digest.1
 MAN8=		majordomo.8

+pre-fetch:
+.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
+	/usr/bin/dialog --yesno "Majordomo is unsafe to use on multi-user machines: local users can run arbitrary commands as the majordomo user. Do you wish to accept the security risk and build majordomo anyway?" 8 60 || ${FALSE}
+.endif
+
 pre-configure:
 		@ ${SETENV} ${MAKE_ENV} /usr/bin/perl ${SCRIPTDIR}/createuser
 		@ ${CP} ${FILESDIR}/aliases.majordomo ${WRKSRC}