ports/124257: [PATCH] security/sguil-server: ${PREFIX}/lib/sguil-server has wrong perm, owner and group

Tomoyuki Sakurai cherry at trombik.org
Thu Jun 5 17:20:03 UTC 2008


The following reply was made to PR ports/124257; it has been noted by GNATS.

From: Tomoyuki Sakurai <cherry at trombik.org>
To: bug-followup at FreeBSD.org
Cc:  
Subject: Re: ports/124257: [PATCH] security/sguil-server: ${PREFIX}/lib/sguil-server has wrong perm, owner and group
Date: Fri, 6 Jun 2008 01:54:14 +0900

 I don't have any pointer to proper permission of lib directory.
 However, I'll show you some facts.
 
 The following command shows nothing on my hosts (FreeBSD, OpenBSD and
 Gentoo/Linux). My laptop has more than 1,500 ports installed.
 
 > find /usr/local/lib -type d -perm 750
 
 The next one shows the current ports tree doesn't have any port which installs
 anything into ${PREFIX}/lib with 750. Of course, the regex isn't perfect (it
 misses ${INSTALL} in multiple lines, ports like yours which don't use
 ${MACRO} provided by the ports framework and various other reasons). However,
 if you find a port which uses 0750 as permission for lib directory, let me
 know. I'm happy to submit another PR.
 
 > ack -a '\${INSTALL}.*-m\s+\d?7\d{2}\s.*\${PREFIX}/lib[^ed]' /usr/ports/
 
 /usr/ports/databases/libudbc/Makefile
 41:     @${INSTALL} -c -o ${SHAREOWN} -g ${SHAREGRP} -m 755 ${WRKDIR}/udbcsdk/lib/libudbc.la ${PREFIX}/lib
 
 42:     @${INSTALL} -c -o ${LIBOWN} -g ${LIBGRP} -m 755 ${WRKDIR}/udbcsdk/lib/libudbc.so ${PREFIX}/lib
 
 
 /usr/ports/devel/linuxthreads/Makefile
 216:    ${INSTALL} -d -o ${BINOWN} -g ${BINGRP} -m 0755 ${PREFIX}/lib
 
 
 /usr/ports/devel/linuxthreads/files/patch-aa
 146:+   ${INSTALL} -d -o ${BINOWN} -g ${BINGRP} -m 0755 ${PREFIX}/lib
 
 
 /usr/ports/security/bsp_upektfmess/Makefile
 54:     ${INSTALL} -o root -m 0755 ${TFMESSPATH}/libtfmessbsp.so ${PREFIX}/lib
 
 NOTE: ${LIBOWN} is defined in /usr/share/mk/bsd.own.mk
 
 Thanks to 0750, findlibusers.py[1] doesn't work anymore when executed by an
 unprivileged user. You're free to say that its error handling is not robust
 enough, of course. Also, locate(1) silently ignores any files under
 ${PREFIX}/lib/sguil-server. The user will find out that s/he is not supposed
 to assume that system lib directory is world-readable.
 
 I'm sure it breaks other things.
 
 7[05]0 makes sense in some cases (mostly for security reason), but not in this
 case. If you have a particular reason, I'd like to know.
 
 [1] http://www.maxlor.com/freebsd-scripts.shtml
 
 -- 
 Tomoyuki Sakurai
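
A generalisation of the `find /usr/local/lib -type d -perm 750` check in the message above, added here as an example and not part of the original e-mail: it reports every directory under a library prefix that lacks read or search permission for others (0750, 0700, 0751, ...), not only those with mode exactly 750. The function names and the temporary sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. All paths are constructed.

# audit_lib_dirs DIR: print, one per line, every directory under DIR that
# an unprivileged user cannot both list and traverse.
audit_lib_dirs() {
    # "-perm -005" is true only when other-read AND other-execute are set;
    # negating it catches 0750, 0700, 0751, 0754 and so on. Errors from
    # subtrees the caller cannot enter are dropped.
    find "$1" -type d ! -perm -005 -print 2>/dev/null | sort
}

# make_sample_tree: build a constructed lib tree in a temporary directory
# and print the path of its lib directory.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/lib/sguil-server" "$root/lib/other" "$root/lib/private"
    chmod 0755 "$root/lib" "$root/lib/other"
    chmod 0750 "$root/lib/sguil-server"   # the mode discussed in the PR
    chmod 0700 "$root/lib/private"        # missed by an exact "-perm 750"
    printf '%s\n' "$root/lib"
}

# Demo on the constructed tree.
lib=$(make_sample_tree)
echo "Directories under $lib not readable/traversable by others:"
audit_lib_dirs "$lib" | while read -r d; do ls -ld "$d"; done
rm -rf "${lib%/lib}"
```

Run as root against a real prefix such as /usr/local/lib so that find can descend into directories an unprivileged user cannot enter.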


