ports/85247: [SECURITY] www/oops oops user creation possible problem
Dmitry Morozovsky
marck at FreeBSD.org
Tue Aug 23 14:20:09 UTC 2005
>Number: 85247
>Category: ports
>Synopsis: [SECURITY] www/oops oops user creation possible problem
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Tue Aug 23 14:20:07 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Dmitry Morozovsky
>Release: FreeBSD {4,5}-STABLE i386
>Organization:
Cronyx Plus LLC (RiNet ISP)
>Environment:
System: FreeBSD {4,5}-STABLE
>Description:
It has been somehow overlooked that oops pseudo-user created by th einstall
script has default group of 0. Having in mind that many systems now have
sudo(8) installed and, moreover, most of known sudo configurations use group
wheel (0) as privileged.
So, I've decided to change default group to nogroup.
As this fault may have security impacts, I'd like to see this patch committed before 6.0-R.
>How-To-Repeat:
>Fix:
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/www/oops/Makefile,v
retrieving revision 1.37
diff -u -r1.37 Makefile
--- Makefile 30 May 2005 21:20:39 -0000 1.37
+++ Makefile 23 Aug 2005 13:44:03 -0000
@@ -7,7 +7,7 @@
PORTNAME= oops
PORTVERSION= ${OOPSVERSION}
-PORTREVISION= 3
+PORTREVISION= 4
CATEGORIES= www
MASTER_SITES= http://oops-cache.org/
DISTNAME= ${PORTNAME}-${OOPSVERSION}
Index: pkg-install
===================================================================
RCS file: /home/ncvs/ports/www/oops/pkg-install,v
retrieving revision 1.4
diff -u -r1.4 pkg-install
--- pkg-install 5 Feb 2005 18:33:40 -0000 1.4
+++ pkg-install 23 Aug 2005 13:44:03 -0000
@@ -1,7 +1,7 @@
#!/bin/sh
user=oops
-group=wheel
+group=nogroup
ask() {
local question default answer
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list