On Fri, Jan 11, 2013 at 03:40:35PM -0800, Peter Wemm wrote:
> On Fri, Jan 11, 2013 at 3:19 PM, Peter Wemm <pe...@wemm.org> wrote:
> > On Fri, Jan 11, 2013 at 3:08 PM, Brooks Davis <bro...@freebsd.org> wrote:
> >
> >> -IMAKE=         ${IMAKEENV} ${MAKE} -f Makefile.inc1
> >> +IMAKE=         ${IMAKEENV} ${MAKE} -f Makefile.inc1 \
> >> +               INSTALL="install -N ${.CURDIR}/etc" \
> >> +               MTREE_CMD="nmtree -N ${.CURDIR}/etc"
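Review bot: the two added arguments, INSTALL="install -N ${.CURDIR}/etc" and MTREE_CMD="nmtree -N ${.CURDIR}/etc", are applied unconditionally, so every IMAKE install resolves owner and group names from the source tree's etc databases, even when the target is the running system and its own passwd and group files assign those ids differently. Suggest passing -N only when DESTDIR is set to something other than /, or behind an opt-in variable, and adding a comment next to the IMAKE definition that says which databases are consulted.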
> >
> > How does this work with worlds with different UID/GID assignments?
> > Eg: the freebsd.org cluster?
> >
> > ${.CURDIR}/etc/master.passwd does not match the installed system.
> 
> Case in point, the freebsd.org cluster has used postfix before
> sendmail gained its privilege separation.  We had:
> postfix:*:25:postfix
> postdrop:*:26:
> .. long before sendmail added:
> smmsp:*:25:
> mailnull:*:26:
> 
> On an existing machine we have:
> -r-xr-sr-x  1 root  smmsp  719336 Jan  6 15:13 /usr/libexec/sendmail/sendmail
> 
> But on the freebsd.org machines that have machines dating back to
> 1998, this change would cause:
> -r-xr-sr-x  1 root  postfix  719336 Jan  6 15:13 /usr/libexec/sendmail/sendmail
> 
> With a silent change like that, if the admin doesn't notice.. who can
> tell what would happen?  Silently giving sendmail setgid access to
> another subsystem's gid is.. just POLA violation at every conceivable
> level and potentially dangerous.
> 
> These tools from netbsd were meant for cross compiling.. ie: when DESTDIR != /.

I've reverted this change.  In my defense I'd note that NetBSD always
uses -N.  If you want non-standard uids and gids there you just end your
source tree.

-- Brooks
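
Added example (not part of the original thread or of the FreeBSD tree): a pre-install check for the mismatch Peter describes. It compares the source tree's etc/group with the host's group file and reports every gid that resolves to a different name on the host. The names gid_conflicts and demo_thread_case and the sample files are constructed for illustration from the group entries quoted above.

```shell
#!/bin/sh
# gid_conflicts SRC_GROUP HOST_GROUP
# Prints one line per source-tree group whose numeric gid belongs to a
# different group name on the host, or whose name has another gid there.
gid_conflicts() {
    awk -F: '
        /^#/ || NF < 3 { next }                 # skip comments, short lines
        FNR == NR {                             # first file: host database
            host_name[$3] = $1; host_gid[$1] = $3; next
        }
        {                                       # second file: source tree
            if (($3 in host_name) && host_name[$3] != $1)
                printf "gid %s: source=%s host=%s\n", $3, $1, host_name[$3]
            else if (($1 in host_gid) && host_gid[$1] != $3)
                printf "name %s: source gid=%s host gid=%s\n", $1, $3, host_gid[$1]
        }
    ' "$2" "$1"
}

# Constructed sample data reproducing the case from the thread: the host
# assigned 25/26 to postfix/postdrop before the tree used them for
# smmsp/mailnull.
demo_thread_case() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/src_group" <<'EOF'
# constructed stand-in for ${.CURDIR}/etc/group
wheel:*:0:root
smmsp:*:25:
mailnull:*:26:
EOF
    cat > "$tmp/host_group" <<'EOF'
# constructed stand-in for the host's /etc/group
wheel:*:0:root
postfix:*:25:postfix
postdrop:*:26:
EOF
    gid_conflicts "$tmp/src_group" "$tmp/host_group"
    rm -rf "$tmp"
}

demo_thread_case
```

Any output means an install that takes ids from the source tree would hand files, including setgid binaries such as sendmail, to a group the host uses for something else.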
