World-writable files installed by ports

Stanislav Sedov ssedov at mbsd.msk.ru
Thu Aug 31 16:35:01 UTC 2006


On Thu, 31 Aug 2006 18:51:27 +0400
"Andrew Pantyukhin" <infofarmer at FreeBSD.org> mentioned:

> On 8/31/06, Alex Dupre <ale at freebsd.org> wrote:
> > Andrew Pantyukhin wrote:
> > > Under no circumstances should a port install world-writable
> > > files or directories.
> >
> > > www/eaccelerator/Makefile
> >
> > Where? I suspect you grep'ed 777 inside Makefiles, but in eaccelerator
> > there is indeed a 's/777/755/' substitution :-)
> 
> Yep, I said it was a simple grep, sorry for the noise :-)

Hmm, strange method... In fact, most of the ports you listed are harmless.

The cleanest way is to grep for {CP}/{TAR}/{CPIO} in Makefiles'
install- targets. There are thousands of such ports that don't
set permissions correctly.

Actually, all ports should ensure that permissions on files are
set to correct values corresponding to those of INSTALL_XXX,
otherwise user's umask might break some installs.

For situations when 'install' can't be used (e.g. when copying
directory trees), tar/cpio can be used instead. But in that
case permissions should be set explicitly (using find or something
else). I've written a macro to simplify that process, it's
awaiting portmgr decision in ports/100996, but it can already
be used by including it into your makefile. In fact, I use
it for a bunch of my ports. Or you can use your own, if you
don't like mine ;-)

-- 
Stanislav Sedov         MBSD labs, Inc.         <ssedov at mbsd.msk.ru>
Russia, Moscow         http://mbsd.msk.ru

--------------------------------------------------------------------
If the facts don't fit the theory, change the facts.  -- A. Einstein
--------------------------------------------------------------------
PGP fingerprint:  F21E D6CC 5626 9609 6CE2  A385 2BF5 5993 EB26 9581
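
The approach described in the message above (copy a tree with tar, then set permissions explicitly with find so neither the source modes nor the umask decide the result), as an added POSIX shell example. It is not part of the original post and is not the macro submitted in ports/100996; the function names and the default modes 755/644 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not the macro from ports/100996.
# Function names and default modes are illustrative assumptions.

# Print every world-writable file or directory under $1.
# Symlinks are skipped: their own mode bits are not meaningful.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Copy tree $1 into $2 with tar, then set modes explicitly so the result
# depends neither on the modes in the source tree nor on the caller's umask.
# $3 = directory mode, $4 = data file mode, $5 = executable file mode.
copy_tree_fixed_perms() {
    src=$1 dst=$2
    dmode=${3:-755} fmode=${4:-644} xmode=${5:-755}
    mkdir -p "$dst" || return 1
    (cd "$src" && tar -cf - .) | (cd "$dst" && tar -xpf -) || return 1
    find "$dst" -type d -exec chmod "$dmode" {} +
    # Files with the owner execute bit set are treated as programs.
    find "$dst" -type f -perm -0100 -exec chmod "$xmode" {} +
    find "$dst" -type f ! -perm -0100 -exec chmod "$fmode" {} +
}

# Run with the argument "demo" to see the effect on a constructed tree.
if [ "${1:-}" = "demo" ]; then
    t=$(mktemp -d)                          # constructed sample input
    mkdir -p "$t/src/doc" && echo hi > "$t/src/doc/README"
    chmod 777 "$t/src/doc"; chmod 666 "$t/src/doc/README"
    copy_tree_fixed_perms "$t/src" "$t/dst"
    echo "world-writable in src:"; list_world_writable "$t/src"
    echo "world-writable in dst:"; list_world_writable "$t/dst"
    rm -rf "$t"
fi
```

Running `list_world_writable` over a staged install directory checks what actually lands on disk, which avoids the false positives of grepping Makefiles for 777.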