git: 2c26d77d989a - main - Remove /boot/efi from mtree, missed in 0b7472b3d8d2.
Nathan Whitehorn
nwhitehorn at freebsd.org
Tue Mar 2 18:58:12 UTC 2021
On 3/2/21 1:56 PM, Rodney W. Grimes wrote:
>>
>> On Tue, Mar 2, 2021, at 12:26 PM, Rodney W. Grimes wrote:
>>> This fails to apply the proper owner/group and mode values
>>> using what ever defaults are in place of the process running
>>> the build.
>> Keep in mind that this is the root of a mounted filesystem in the case where it matters, and the filesystem being mounted there doesn't support proper modes anyway, so the mtree values are a bit irrelevant anyway as the actual control of that is in the fstab.
> That assumes the mount is done and/or kept. My concern is more
> of a lack security (aka world writable) /boot/efi getting created
> in a distribution that then is *not* mounted for some reason,
> either by choice or error.
>
> mkdir should be stricken from use when possible, install -d
> should be used instead.
>
But that can't happen in this code. For one thing, it's only used in a
controlled environment to generate SD-card images for a handful of ARM
boards. For another the mount is set up and installed in fstab a couple
lines further down the same script.
-Nathan
More information about the dev-commits-src-all
mailing list