svn commit: r245316 - in head: . etc

[Brooks Davis]

On Fri, Jan 11, 2013 at 03:40:35PM -0800, Peter Wemm wrote:
> On Fri, Jan 11, 2013 at 3:19 PM, Peter Wemm <peter at wemm.org> wrote:
> > On Fri, Jan 11, 2013 at 3:08 PM, Brooks Davis <brooks at freebsd.org> wrote:
> >
> >> -IMAKE=         ${IMAKEENV} ${MAKE} -f Makefile.inc1
> >> +IMAKE=         ${IMAKEENV} ${MAKE} -f Makefile.inc1 \
> >> +               INSTALL="install -N ${.CURDIR}/etc" \
> >> +               MTREE_CMD="nmtree -N ${.CURDIR}/etc"
> >
> > How does this work with worlds with different UID/GID assignments?
> > Eg: the freebsd.org cluster?
> >
> > ${.CURDIR}/etc/master.passwd does not match the installed system.
> 
> Case in point, the freebsd.org cluster has used postfix before
> sendmail gained its privilege separation.  We had:
> postfix:*:25:postfix
> postdrop:*:26:
> .. long before sendmail added:
> smmsp:*:25:
> mailnull:*:26:
> 
> On an existing machine we have:
> -r-xr-sr-x  1 root  smmsp  719336 Jan  6 15:13 /usr/libexec/sendmail/sendmail
> 
> But on the freebsd.org machines that have machines dating back to
> 1998, this change would cause:
> -r-xr-sr-x  1 root  postfix  719336 Jan  6 15:13 /usr/libexec/sendmail/sendmail
> 
> With a silent change like that, if the admin doesn't notice.. who can
> tell what would happen?  Silently giving sendmail setgid access to
> another subsystem's gid is.. just POLA violation at every conceivable
> level and potentially dangerous.
> 
> These tools from netbsd were meant for cross compiling.. ie: when DESTDIR != /.

I've reverted this change.  In my defense I'd note that NetBSD always
uses -N.  If you want non-standard uids and gids there you just end your
source tree.

-- Brooks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/svn-src-head/attachments/20130111/6e361e39/attachment.sig>