Add a security warning about the many local buffer overflows in this

software, qualified by the fact that it's setgid games and therefore
not dangerous to the system. Many of these buffer overflows aren't
classic smashed stacks, but I bet at least one is exploitable :-)
Kris Kennaway 2001-01-29 00:22:10 +00:00
parent 938877754b
commit b0e70f9c89
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=37709
2 changed files with 15 additions and 0 deletions


@ -7,6 +7,7 @@
PORTNAME= dopewars
PORTVERSION= 1.4.8
PORTREVISION= 1
CATEGORIES= games
MASTER_SITES= http://bellatrix.pcl.ox.ac.uk/~ben/dopewars/
@ -15,6 +16,11 @@ MAINTAINER= jim@FreeBSD.org
USE_GMAKE= yes
GNU_CONFIGURE= yes
pre-fetch:
.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
${SH} pkg-install
.endif
post-install:
@${ECHO} "===> Documentation is installed in ${PREFIX}/share/doc/dopewars"
@${ECHO} "===> Run 'dopewars -h' for usage options."
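Review bot: The `pre-fetch` guard runs `pkg-install` only when neither `BATCH` nor `PACKAGE_BUILDING` is defined, so an unattended build installs the setgid binaries without the security note ever being shown. Since `post-install` already prints two `${ECHO}` lines, one more there would reach those users as well, e.g. `@${ECHO} "===> SECURITY NOTE: dopewars has known local buffer overflows; its binaries are setgid games."`. The script is also invoked by the bare name `pkg-install`, which resolves against whatever directory the recipe runs in; `${SH} ${.CURDIR}/pkg-install` would make the location explicit. Which of these lines the commit adds is inferred from the hunk counts, because the page has lost the `+` markers.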


@ -0,0 +1,9 @@
#!/bin/sh
if [ "$2" = "POST-INSTALL" -o -n "${PACKAGE_BUILDING}" ]; then
exit 0
fi
/usr/bin/dialog --yesno "SECURITY NOTE: This software contains known locally-exploitable buffer overflows. However since the binaries in question are setgid to the games group, the impact of this vulnerability is believed to be limited to the ability for local users to overwrite score files, saved games, and certain other game data for this and other installed game packages. The wider system security is not believed to be compromised by this problem. Do you wish to install the software anyway?" 12 70 || /usr/bin/false
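Review bot: The `|| /usr/bin/false` at the end of the `dialog` line turns every non-zero status into a refusal, which covers not only "No" but also ESC and `dialog` being unable to run (for instance with no usable terminal), and nothing in the script says this fail-closed behaviour is intended. A comment above that line would keep it from being "simplified" later: `# Any non-zero status from dialog (No, ESC, or dialog unable to run) aborts the install on purpose.` The skip test on the `if` line uses `-o` inside `[ ]`, which can parse ambiguously with some operands; `[ "$2" = "POST-INSTALL" ] || [ -n "${PACKAGE_BUILDING}" ]` is the unambiguous form. Unlike the Makefile guard, the script does not look at `BATCH`, so if the package tools call it with a pre-install argument (inferred from the `POST-INSTALL` check) a non-interactive install would stop here.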