ports/147779: [patch] port www/sbox-dtc: quotes makes crazy UID value
Serg
mail_of_sergey at mail.ru
Thu Jun 10 22:50:02 UTC 2010
>Number: 147779
>Category: ports
>Synopsis: [patch] port www/sbox-dtc: quotes makes crazy UID value
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jun 10 22:50:01 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Serg
>Release: FreeBSD 8.0-RELEASE-p1 i386
>Organization:
>Environment:
FreeBSD acc.acc.tula.ru 8.0-RELEASE-p2 FreeBSD 8.0-RELEASE-p2 #2: Fri Mar 19 14:29:25 MSK 2010 root at acc.acc.tula.ru:/usr/obj/usr/src/sys/Z i386
>Description:
The quotes at -DUID_MIN and -DGID_MIN CFLAGS makes crazy UID value.
Example:
SBOX_UIDMIN?= 1000
SBOX_GIDMIN?= 1000
Try to run cgi-script:
the directory containing /home/export/web/fluffy/cgi-bin/test.cgi must not be owned by a UID less than 134523267
But minimal UID is 1000!
Ater removing the quotes at -DUID_MIN and -DGID_MIN CFLAGS the cgi-script was run.
>How-To-Repeat:
Just install sbox and try to use it.
>Fix:
Remove the quotes around -DUID_MIN and -DGID_MIN CFLAGS.
Patch attached with submission follows:
--- Makefile 2010-06-11 02:25:42.000000000 +0400
+++ Makefile~ 2010-04-19 22:55:38.000000000 +0400
@@ -20,8 +20,8 @@
CFLAGS+= -DWEB_USER='\"${WWWOWN}\"' \
-DWEB_GROUP='\"${WWWGRP}\"' \
- -DUID_MIN='${SBOX_UIDMIN}' \
- -DGID_MIN='${SBOX_GIDMIN}' \
+ -DUID_MIN='\"${SBOX_UIDMIN}\"' \
+ -DGID_MIN='\"${SBOX_GIDMIN}\"' \
-DSAFE_PATH='\"${SBOX_SAFEPATH}\"' \
-DLOG_FILE='\"${SBOX_LOGFILE}\"'
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list