Date:      Thu, 31 Aug 2006 20:34:21 +0400
From:      Stanislav Sedov <ssedov@mbsd.msk.ru>
To:        "Andrew Pantyukhin" <infofarmer@FreeBSD.org>
Cc:        FreeBSD Ports <ports@freebsd.org>, secteam@freebsd.org, Alex Dupre <ale@freebsd.org>, portmgr@freebsd.org
Subject:   Re: World-writable files installed by ports
Message-ID:  <20060831203421.6fe9b72c@localhost>
In-Reply-To: <cb5206420608310751r4d905cfan5a33377aacf416ed@mail.gmail.com>
References:  <cb5206420608310715y7f9718e2j8736237f7943fad@mail.gmail.com> <44F6F251.5080001@FreeBSD.org> <cb5206420608310751r4d905cfan5a33377aacf416ed@mail.gmail.com>


On Thu, 31 Aug 2006 18:51:27 +0400
"Andrew Pantyukhin" <infofarmer@FreeBSD.org> mentioned:

> On 8/31/06, Alex Dupre <ale@freebsd.org> wrote:
> > Andrew Pantyukhin wrote:
> > > Under no circumstances should a port install world-writable
> > > files or directories.
> >
> > > www/eaccelerator/Makefile
> >
> > Where? I suspect you grep'ed 777 inside Makefiles, but in eaccelerator
> > there is indeed a 's/777/755/' substitution :-)
>
> Yep, I said it was a simple grep, sorry for the noise :-)

Hmm, strange method... In fact, most of the ports you listed are harmless.

The cleanest way is to grep for {CP}/{TAR}/{CPIO} in Makefiles'
install- targets. There are thousands of such ports that don't
set permissions correctly.

Actually, all ports should ensure that permissions on files are
set to correct values corresponding to those of INSTALL_XXX,
otherwise user's umask might break some installs.

For situations when 'install' can't be used (e.g. when copying
directory trees), tar/cpio can be used instead. But in that
case permissions should be set explicitly (using find or something
else). I've written a macro to simplify that process; it's
awaiting portmgr decision in ports/100996, but it can already
be used by including it into your makefile. In fact, I use
it for a bunch of my ports. Or you can use your own, if you
don't like mine ;-)

--
Stanislav Sedov         MBSD labs, Inc.         <ssedov@mbsd.msk.ru>
Russia, Moscow         http://mbsd.msk.ru

--------------------------------------------------------------------
If the facts don't fit the theory, change the facts.  -- A. Einstein
--------------------------------------------------------------------
PGP fingerprint:  F21E D6CC 5626 9609 6CE2  A385 2BF5 5993 EB26 9581
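
The approach described in the message above (copy a tree with tar, then set permissions explicitly with find, and audit real mode bits instead of grepping Makefiles for 777), as an added example that is not part of the original message and is not the macro from ports/100996. The function names, target modes and sample tree are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example (not from the original message or ports/100996).
# DIR_MODE, FILE_MODE and EXEC_MODE are assumed target modes for this sketch.
DIR_MODE=755
FILE_MODE=644
EXEC_MODE=755

# copy_tree SRC DST: copy a whole tree with a tar pipe, as is done where
# install(1) cannot be used. -p keeps the source modes, good or bad.
copy_tree() {
    mkdir -p "$2" &&
    (cd "$1" && tar -cf - .) | (cd "$2" && tar -xpf -)
}

# fix_perms DIR: set modes explicitly so the result depends neither on the
# source tree nor on the umask. Files the owner could execute stay executable.
fix_perms() {
    find "$1" -type d -exec chmod "$DIR_MODE" {} + &&
    find "$1" -type f -perm -100 -exec chmod "$EXEC_MODE" {} + &&
    find "$1" -type f ! -perm -100 -exec chmod "$FILE_MODE" {} +
}

# world_writable DIR: print every entry writable by "other". Checks real
# mode bits, so a 's/777/755/' line in a Makefile cannot cause a false hit.
world_writable() {
    find "$1" ! -type l -perm -002 -print
}

# Constructed sample tree standing in for a port's build directory
# (hypothetical layout, created and removed under a temporary directory).
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/src/docs" && chmod 777 "$work/src/docs"
    echo data > "$work/src/docs/readme.txt" && chmod 666 "$work/src/docs/readme.txt"
    printf '#!/bin/sh\n' > "$work/src/run.sh" && chmod 777 "$work/src/run.sh"
    copy_tree "$work/src" "$work/dst"
    echo "before: $(world_writable "$work/dst" | wc -l) world-writable entries"
    fix_perms "$work/dst"
    echo "after:  $(world_writable "$work/dst" | wc -l) world-writable entries"
    rm -rf "$work"
}
demo
```
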
