Hi ports fellows, As part of the investigation for ports/116222 we found that installing a port after a plain `su' may install files with the wrong uid:gid.
As you can see from the snippets quoted below from the PR trail, the problem goes away if one uses `su -' to install ports. % Date: Sun, 9 Sep 2007 08:32:57 GMT % Message-Id: <[EMAIL PROTECTED]> % From: Nate Eldredge <[EMAIL PROTECTED]> % Subject: ports/116222: editors/emacs: files installed with wrong owner % To: [EMAIL PROTECTED] % % >Number: 116222 % >Category: ports % >Synopsis: editors/emacs: files installed with wrong owner % [...] % # ls -l /usr/local/share/emacs/22.1/ % total 22 % drwxr-xr-x 5 nate wheel 3072 Sep 9 01:19 etc % drwxr-xr-x 4 root wheel 512 Sep 9 01:19 leim % drwxr-xr-x 20 nate wheel 12800 Sep 9 01:19 lisp % drwxr-xr-x 2 root wheel 512 Sep 9 01:19 site-lisp % % The contents of etc/ and lisp/ are likewise owned by nate. % % You might consider this a security problem, since now "nate" can tweak % the lisp files and cause everyones' emacs to do funny things. Of course % in this case, "nate" was able to su to root anyway, but you could % imagine scenarios where this isn't the case. % From: Giorgos Keramidas <[EMAIL PROTECTED]> % To: Nate Eldredge <[EMAIL PROTECTED]> % Cc: [EMAIL PROTECTED] % Subject: ports/116222: Re: ports/116222: editors/emacs: files installed with wrong owner % Date: Thu, 27 Sep 2007 19:14:43 +0300 % % Can you try using "su -" to install the port? There's nothing special % about editors/emacs in the way the files are copied to `/usr/local', but % it uses tar(1) to copy files in `/usr/local'. This means that when the % files are copied, tar(1) tries to preserve the owner and/or group of the % original files. % From: Nate Eldredge <[EMAIL PROTECTED]> % To: Giorgos Keramidas <[EMAIL PROTECTED]> % Cc: [EMAIL PROTECTED] % Subject: ports/116222: Re: ports/116222: editors/emacs: files installed with wrong owner % Date: Thu, 27 Sep 2007 11:10:16 -0700 (PDT) % % That fixes it, but I agree it should not be necessary. % Thanks for looking at this. Is there any way to make sure this does not happen, or do we generally suggest installing ports only from `su -' sessions? The real question about the PR is, should editors/emacs and emacs-devel be patched to install the files with the correct permissions, or is this something we don't really care to install as a workaround? - Giorgos _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "[EMAIL PROTECTED]"
