Date:        Thu, 29 Jul 1999 16:14:57 +0200
From:      Slawek Zak <zaks@prioris.im.pw.edu.pl>
To:        freebsd-ports@freebsd.org
Cc:        freebsd-security@freebsd.org
Subject:   Extracted files' permissions
Message-ID:  <19990729161457.A727@prioris.im.pw.edu.pl>

When I recently extracted some packages, I noticed that the owners of
the files and directories are random (try make extract lang/lua or
lang/erlang). These UIDs may or may not exist on your system. If they
do, the files can be easily overwritten by a malicious user and lead to
compromise of the system.

So my question is if it should be treated as a bug, and reported to the
packager, or maybe there should be an additional step in extracting
these files, in which the owner would be changed to 0:0.

Of course the easiest solution would be chmod og= /usr/ports :)

-- 
* Suavek Zak
* email: zaks@im.pw.edu.pl   voice: +48 (0) 22 674 66 79
* PGP v2.3: 2048/9A7CBF71,   finger://zaks@prioris.im.pw.edu.pl
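
An added example, not part of the original message or of the ports tree: it lists the archive members whose recorded UID:GID is not 0:0, shows whether that UID belongs to a local account, and extracts with the owner rewritten. The sample tarball, the IDs 1234/100 and all function names are constructed for illustration.

```python
import io
import pwd
import tarfile

def build_sample_tarball():
    """Constructed sample distfile: two members carry the packager's UID/GID."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, uid, gid, kind in [("lua", 1234, 100, tarfile.DIRTYPE),
                                     ("lua/Makefile", 1234, 100, tarfile.REGTYPE),
                                     ("lua/README", 0, 0, tarfile.REGTYPE)]:
            info = tarfile.TarInfo(name)
            info.type, info.uid, info.gid = kind, uid, gid
            info.mode = 0o755 if kind == tarfile.DIRTYPE else 0o644
            data = b"" if kind == tarfile.DIRTYPE else b"sample\n"
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def local_account(uid):
    """Name of the local account that owns this UID, or None if unassigned."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return None

def audit_owners(tar_bytes, expected=(0, 0)):
    """List (name, uid, gid, local account) for members not owned by `expected`."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        return [(m.name, m.uid, m.gid, local_account(m.uid))
                for m in tar if (m.uid, m.gid) != expected]

def extract_normalized(tar_bytes, dest, owner=(0, 0)):
    """Extract with every member's owner rewritten, ignoring the archive's IDs."""
    def rewritten(tar):
        for m in tar:
            m.uid, m.gid = owner
            m.uname = m.gname = ""
            yield m
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        # tarfile only calls chown() when running as root, which is the case
        # the message is about; numeric_owner skips name-based lookups.
        tar.extractall(dest, members=rewritten(tar), numeric_owner=True)

if __name__ == "__main__":
    for name, uid, gid, account in audit_owners(build_sample_tarball()):
        status = f"maps to local user {account!r}" if account else "unassigned locally"
        print(f"{name}: {uid}:{gid} ({status})")
```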

