Change Details

The security-check target in `Mk/bsd.port.mk` misses binaries that are installed setuid by `pkg(8)`. `${WRKDIR}/.PLIST.setuid` is currently populated by parsing the package's plist and identifying installed files with the setuid or setgid bits present. Binaries may also be installed setuid or setgid when `pkg register` is run as part of the install process. This happens [here](https://github.com/freebsd/pkg/blob/master/libpkg/pkg_add.c#L225). As written, there is no mechanism implemented in the security-check target to detect such setuid/setgid file mode modifications. This revision causes files with pkg-plist keywords matching `^@\(([^,)]*,){2}[246][0-7]([135][0-7]|[0-7][135])\)` to be appended to `${WRKDIR}/.PLIST.setuid` so that they are included in the warning message generated by `${SCRIPTSDIR}/security-check.awk`.

The security-check target in `Mk/bsd.port.mk` misses binaries that are installed setuid by `pkg(8)`. `${WRKDIR}/.PLIST.setuid` is currently populated by parsing the package's plist and identifying installed files with the setuid or setgid bits present. Binaries may also be installed setuid or setgid when `pkg register` is run as part of the install process. This happens [here](https://github.com/freebsd/pkg/blob/master/libpkg/pkg_add.c#L225). As written, there is no mechanism implemented in the security-check target to detect such setuid/setgid file mode modifications. This revision causes files with pkg-plist keywords matching `^@\(([^,)]*,){2}[246][0-7]([1357][0-7]|[0-7][1357])\)` to be appended to `${WRKDIR}/.PLIST.setuid` so that they are included in the warning message generated by `${SCRIPTSDIR}/security-check.awk`.

The security-check target in `Mk/bsd.port.mk` misses binaries that are installed setuid by `pkg(8)`. `${WRKDIR}/.PLIST.setuid` is currently populated by parsing the package's plist and identifying installed files with the setuid or setgid bits present. Binaries may also be installed setuid or setgid when `pkg register` is run as part of the install process. This happens [here](https://github.com/freebsd/pkg/blob/master/libpkg/pkg_add.c#L225). As written, there is no mechanism implemented in the security-check target to detect such setuid/setgid file mode modifications. This revision causes files with pkg-plist keywords matching `^@\(([^,)]*,){2}[246][0-7]([1357][0-7]|[0-7][1357])\)` to be appended to `${WRKDIR}/.PLIST.setuid` so that they are included in the warning message generated by `${SCRIPTSDIR}/security-check.awk`.