Date: Thu, 31 Aug 2006 20:34:21 +0400
From: Stanislav Sedov <ssedov@mbsd.msk.ru>
To: "Andrew Pantyukhin" <infofarmer@FreeBSD.org>
Cc: FreeBSD Ports <ports@freebsd.org>, secteam@freebsd.org, Alex Dupre <ale@freebsd.org>, portmgr@freebsd.org
Subject: Re: World-writable files installed by ports
Message-ID: <20060831203421.6fe9b72c@localhost>
In-Reply-To: <cb5206420608310751r4d905cfan5a33377aacf416ed@mail.gmail.com>
References: <cb5206420608310715y7f9718e2j8736237f7943fad@mail.gmail.com> <44F6F251.5080001@FreeBSD.org> <cb5206420608310751r4d905cfan5a33377aacf416ed@mail.gmail.com>

On Thu, 31 Aug 2006 18:51:27 +0400
"Andrew Pantyukhin" <infofarmer@FreeBSD.org> mentioned:

> On 8/31/06, Alex Dupre <ale@freebsd.org> wrote:
> > Andrew Pantyukhin wrote:
> > > Under no circumstances should a port install world-writable
> > > files or directories.
> >
> > > www/eaccelerator/Makefile
> >
> > Where? I suspect you grep'ed 777 inside Makefiles, but in eaccelerator
> > there is indeed a 's/777/755/' substitution :-)
>
> Yep, I said it was a simple grep, sorry for the noise :-)

Hmm, strange method... In fact, most of the ports you listed are harmless.
The cleanest way is to grep for {CP}/{TAR}/{CPIO} in Makefiles' install
targets. There are thousands of such ports that don't set permissions
correctly. Actually, all ports should ensure that permissions on files are
set to correct values corresponding to those of INSTALL_XXX, otherwise
the user's umask might break some installs.

For situations when 'install' can't be used (e.g. when copying directory
trees), tar/cpio can be used instead. But in that case permissions should
be set explicitly (using find or something else).

I've written a macro to simplify that process; it's awaiting a portmgr
decision in ports/100996, but it can already be used by including it in
your Makefile. In fact, I use it for a bunch of my ports. Or you can use
your own, if you didn't like mine ;-)

-- 
Stanislav Sedov        MBSD labs, Inc.        <ssedov@mbsd.msk.ru>
Russia, Moscow         http://mbsd.msk.ru

--------------------------------------------------------------------
If the facts don't fit the theory, change the facts.  -- A. Einstein
--------------------------------------------------------------------
PGP fingerprint:  F21E D6CC 5626 9609 6CE2  A385 2BF5 5993 EB26 9581

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060831203421.6fe9b72c>
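
The procedure described in the message above (copy a directory tree with tar, then set permissions explicitly with find), as an added example that is not part of the original e-mail and is not the macro from ports/100996. The function names and the default modes 755/644 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example; names and default modes are assumptions, not the ports framework's.
# Usage: install_tree <unpacked-source-dir> <destination-dir>
DIR_MODE=${DIR_MODE:-755}
DATA_MODE=${DATA_MODE:-644}
EXEC_MODE=${EXEC_MODE:-755}

# Copy a directory tree with tar, then set modes explicitly so that neither
# the modes in the source tree nor the caller's umask decide the result.
install_tree() {
    src=$1 dst=$2
    mkdir -p "$dst" || return 1
    (cd "$src" && tar -cf - .) | (cd "$dst" && tar -xpf -) || return 1
    find "$dst" -type d -exec chmod "$DIR_MODE" {} +
    # Files executable by their owner stay executable; the rest become data.
    find "$dst" -type f -perm -0100 -exec chmod "$EXEC_MODE" {} +
    find "$dst" -type f ! -perm -0100 -exec chmod "$DATA_MODE" {} +
}

# Audit a tree: print every file or directory writable by "other".
# Symlinks are skipped because their own mode bits carry no meaning.
find_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Constructed sample input: a source tree with unsafe modes, as an
# unpacked distribution archive might have.
make_sample_tree() {
    mkdir -p "$1/bin" "$1/share"
    printf '#!/bin/sh\necho hi\n' > "$1/bin/run.sh"
    echo data > "$1/share/readme.txt"
    chmod 777 "$1/bin" "$1/bin/run.sh"
    chmod 666 "$1/share/readme.txt"
}
```

Running find_world_writable over the staged tree checks what would actually be installed, which avoids the false positives of grepping Makefiles for 777.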