ports/63112: bsd.port.mk warns that symlinks are world writeable

Andrew andrew at ugh.net.au
Fri Feb 20 05:40:14 UTC 2004


>Number:         63112
>Category:       ports
>Synopsis:       bsd.port.mk warns that symlinks are world writeable
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 19 21:40:13 PST 2004
>Closed-Date:
>Last-Modified:
>Originator:     Andrew
>Release:        FreeBSD 4.8-RELEASE-p4 i386
>Organization:
UgH!
>Environment:
System: FreeBSD freebsd.syd.ntt.net.au 4.8-RELEASE-p18 FreeBSD 4.8-RELEASE-p18 #0: Wed Sep 10 18:31:36 EST 2003 andrews at freebsd.syd.ntt.net.au:/usr/obj/usr/src/sys/FREEBSD i386


	
>Description:

When installing a port that installs a symbolic link (such as lang/ruby16)
a warning is printed about these links in the world writeable section of
the security report. I'm not sure this is correct behaviour as that writeable
bit doesn't really mean that for symlinks (actually what do the permissions
on a symlink mean?).

>How-To-Repeat:
	
>Fix:

The below patch just excludes symlinks from the report.

--- bsd.port.mk.orig	Fri Feb 20 16:00:23 2004
+++ bsd.port.mk	Fri Feb 20 16:12:24 2004
@@ -3642,7 +3642,7 @@
 	${TR} '\n' '\0' < ${WRKDIR}/.PLIST.flattened \
 	| ${XARGS} -0 -J % ${FIND} % -prune ! -type l -type f \( -perm -4000 -o -perm -2000 \) \( -perm -0010 -o -perm -0001 \) 2> /dev/null > ${WRKDIR}/.PLIST.setuid; \
 	${TR} '\n' '\0' < ${WRKDIR}/.PLIST.flattened \
-	| ${XARGS} -0 -J % ${FIND} % -prune -perm -0002 2> /dev/null > ${WRKDIR}/.PLIST.writable; \
+	| ${XARGS} -0 -J % ${FIND} % -prune -perm -0002 \! -type l 2> /dev/null > ${WRKDIR}/.PLIST.writable; \
 	${TR} '\n' '\0' < ${WRKDIR}/.PLIST.flattened \
 	| ${XARGS} -0 -J % ${FIND} % -prune ! -type l -type f -print0 2> /dev/null \
 	| ${XARGS} -0 -n 1 /usr/bin/objdump -R 2> /dev/null > ${WRKDIR}/.PLIST.objdump; \
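Review bot: in the `.PLIST.writable` pipeline the new test is written `\! -type l` and placed after `-perm -0002`, whereas the `.PLIST.setuid` pipeline above and the objdump pipeline below both write `! -type l` directly after `-prune`. Suggest matching them, i.e. `${FIND} % -prune ! -type l -perm -0002`, so that all three find invocations in this block read the same way. A one-line comment above the command saying why links are skipped would also help the next reader: no option to follow links is passed to find here, so the mode being tested is the link's own and not the target's.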
@@ -3705,7 +3705,7 @@
 			fi; \
 		fi; \
 		if [ ! -L "${PREFIX}/$$i" ]; then \
-			if [ -n "`${FIND} ${PREFIX}/$$i -prune -perm -0002 2>/dev/null`" ]; then \
+			if [ -n "`${FIND} ${PREFIX}/$$i -prune -perm -0002 \! -type l 2>/dev/null`" ]; then \
 				 ${ECHO_CMD} ${PREFIX}/$$i >> ${WRKDIR}/.PLIST.writable; \
 			fi; \
 		fi; \
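Review bot: the `\! -type l` added to the find inside `if [ ! -L "${PREFIX}/$$i" ]` cannot change the result, because the enclosing test already skips every path that is a symlink before find is run. Suggest dropping this hunk and keeping only the change to the `.PLIST.flattened` pipeline in the first hunk. If the test is kept here for symmetry, say so in the commit message so it is not mistaken for the actual fix.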

>Release-Note:
>Audit-Trail:
>Unformatted:


