ports/157129: [maintainer] misc/findutils fix usage of su(1) in gupdatedb
Klaus Aehlig
aehlig at linta.de
Tue May 17 21:20:08 UTC 2011
>Number: 157129
>Category: ports
>Synopsis: [maintainer] misc/findutils fix usage of su(1) in gupdatedb
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Tue May 17 21:20:08 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Klaus Aehlig
>Release: FreeBSD 8.2-STABLE amd64
>Organization:
>Environment:
System: FreeBSD kta1c10.sesnet.soton.ac.uk 8.2-STABLE FreeBSD 8.2-STABLE #1: Tue Apr 19 17:22:20 BST 2011 root at kta1c10.sesnet.soton.ac.uk:/usr/obj/usr/src/sys/KTA1C10 amd64
>Description:
misc/findutils brings a script gupdatedb to update the database for glocate.
To support restricting the database to only contain files readable by a specific
user (in order to avoid leaking sensitive information from the file structure)
su(1) is used to call gfind(1). However, the assumption about how to call su(1)
differs from su(1) as provided by FreeBSD. This has the effect that su(1) fails
(resulting in an empty database) when a user with nologin as login shell
is used, like the nobody user.
>How-To-Repeat:
/usr/local/bin/gupdatedb --localuser=nobody
>Fix:
Add the following patch to the files subdirectory of the port
and bump PORTREVISION.
--- patch-locate__updatedb.sh begins here ---
--- locate/updatedb.sh.orig 2011-04-03 23:53:12.000000000 +0100
+++ locate/updatedb.sh 2011-05-17 18:20:29.000000000 +0100
@@ -250,7 +250,7 @@
if test -n "$SEARCHPATHS"; then
if [ "$LOCALUSER" != "" ]; then
# : A1
- su $LOCALUSER `select_shell $LOCALUSER` -c \
+ su -m $LOCALUSER -c \
"$find $SEARCHPATHS $FINDOPTIONS \
\\( $prunefs_exp \
-type d -regex '$PRUNEREGEX' \\) -prune -o $print_option"
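Review bot: In the A1 branch, `su -m` leaves the caller's environment and working directory unchanged, so `$find` now runs as `$LOCALUSER` with the invoking user's `HOME`, `PATH` and other variables instead of a fresh login environment. That is what allows an account with a nologin shell to work with FreeBSD's su(1), but it deserves a short comment beside `# : A1` saying so. `$LOCALUSER` should also be quoted (`su -m "$LOCALUSER" -c`), since it is taken from the `--localuser` option.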
@@ -266,7 +266,7 @@
myuid=`getuid`
if [ "$myuid" = 0 ]; then
# : A3
- su $NETUSER `select_shell $NETUSER` -c \
+ su -m $NETUSER -c \
"$find $NETPATHS $FINDOPTIONS \\( -type d -regex '$PRUNEREGEX' -prune \\) -o $print_option" ||
exit $?
else
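Review bot: At A3 the `su -m $NETUSER -c` call sits under the `[ "$myuid" = 0 ]` test, so it is only reached as root, and the fix depends on that: FreeBSD's su(1) refuses `-m` for a non-root caller when the target user's shell is not a standard one. A one-line comment recording this dependency would keep a later refactor from moving the call out of the root-only branch. `$NETUSER` is unquoted here as well.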
@@ -319,7 +319,7 @@
if test -n "$SEARCHPATHS"; then
if [ "$LOCALUSER" != "" ]; then
# : A5
- su $LOCALUSER `select_shell $LOCALUSER` -c \
+ su -m $LOCALUSER -c \
"$find $SEARCHPATHS $FINDOPTIONS \
\( $prunefs_exp \
-type d -regex '$PRUNEREGEX' \) -prune -o $print_option" || exit $?
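Review bot: The A5 branch ends in `|| exit $?`, but the A1 branch changed earlier in this patch shows no such check in its visible context, and the report says a failing su(1) resulted in an empty database rather than an error. Please confirm that both LOCALUSER paths propagate a non-zero exit status from su, so that a future su failure aborts the run instead of silently writing an empty database.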
@@ -335,7 +335,7 @@
myuid=`getuid`
if [ "$myuid" = 0 ]; then
# : A7
- su $NETUSER `select_shell $NETUSER` -c \
+ su -m $NETUSER -c \
"$find $NETPATHS $FINDOPTIONS \\( -type d -regex '$PRUNEREGEX' -prune \\) -o $print_option" ||
exit $?
else
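Review bot: With the A7 call changed, none of the four su invocations touched by this patch use `select_shell` any more. If nothing else in updatedb.sh calls it, the function is now dead code and the patch should remove it, or the PR should state that it is left in place deliberately. A3 and A7 are also identical `su -m $NETUSER -c` lines, so any later quoting fix has to be applied in both places.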
--- patch-locate__updatedb.sh ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: