svn commit: r245316 - in head: . etc
Peter Wemm
peter at wemm.org
Fri Jan 11 23:40:37 UTC 2013
On Fri, Jan 11, 2013 at 3:19 PM, Peter Wemm <peter at wemm.org> wrote:
> On Fri, Jan 11, 2013 at 3:08 PM, Brooks Davis <brooks at freebsd.org> wrote:
>
>> -IMAKE= ${IMAKEENV} ${MAKE} -f Makefile.inc1
>> +IMAKE= ${IMAKEENV} ${MAKE} -f Makefile.inc1 \
>> + INSTALL="install -N ${.CURDIR}/etc" \
>> + MTREE_CMD="nmtree -N ${.CURDIR}/etc"
>
> How does this work with worlds with different UID/GID assignments?
> Eg: the freebsd.org cluster?
>
> ${.CURDIR}/etc/master.passwd does not match the installed system.
Case in point, the freebsd.org cluster has used postfix before
sendmail gained its privilege separation. We had:
postfix:*:25:postfix
postdrop:*:26:
.. long before sendmail added:
smmsp:*:25:
mailnull:*:26:
On an existing machine we have:
-r-xr-sr-x 1 root smmsp 719336 Jan 6 15:13 /usr/libexec/sendmail/sendmail
But on the freebsd.org machines that have machines dating back to
1998, this change would cause:
-r-xr-sr-x 1 root postfix 719336 Jan 6 15:13 /usr/libexec/sendmail/sendmail
With a silent change like that, if the admin doesn't notice.. who can
tell what would happen? Silently giving sendmail setgid access to
another subsystem's gid is.. just POLA violation at every conceivable
level and potentially dangerous.
These tools from netbsd were meant for cross compiling.. ie: when DESTDIR != /.
--
Peter Wemm - peter at wemm.org; peter at FreeBSD.org; peter at yahoo-inc.com; KI6FJV
bitcoin:188ZjyYLFJiEheQZw4UtU27e2FMLmuRBUE
More information about the svn-src-head
mailing list