svn commit: r245316 - in head: . etc
Brooks Davis
brooks at freebsd.org
Fri Jan 11 23:51:45 UTC 2013
On Fri, Jan 11, 2013 at 03:40:35PM -0800, Peter Wemm wrote:
> On Fri, Jan 11, 2013 at 3:19 PM, Peter Wemm <peter at wemm.org> wrote:
> > On Fri, Jan 11, 2013 at 3:08 PM, Brooks Davis <brooks at freebsd.org> wrote:
> >
> >> -IMAKE= ${IMAKEENV} ${MAKE} -f Makefile.inc1
> >> +IMAKE= ${IMAKEENV} ${MAKE} -f Makefile.inc1 \
> >> + INSTALL="install -N ${.CURDIR}/etc" \
> >> + MTREE_CMD="nmtree -N ${.CURDIR}/etc"
> >
> > How does this work with worlds with different UID/GID assignments?
> > Eg: the freebsd.org cluster?
> >
> > ${.CURDIR}/etc/master.passwd does not match the installed system.
>
> Case in point, the freebsd.org cluster has used postfix before
> sendmail gained its privilege separation. We had:
> postfix:*:25:postfix
> postdrop:*:26:
> .. long before sendmail added:
> smmsp:*:25:
> mailnull:*:26:
>
> On an existing machine we have:
> -r-xr-sr-x 1 root smmsp 719336 Jan 6 15:13 /usr/libexec/sendmail/sendmail
>
> But on the freebsd.org machines that have machines dating back to
> 1998, this change would cause:
> -r-xr-sr-x 1 root postfix 719336 Jan 6 15:13 /usr/libexec/sendmail/sendmail
>
> With a silent change like that, if the admin doesn't notice.. who can
> tell what would happen? Silently giving sendmail setgid access to
> another subsystem's gid is.. just POLA violation at every conceivable
> level and potentially dangerous.
>
> These tools from netbsd were meant for cross compiling.. ie: when DESTDIR != /.
I've reverted this change. In my defense I'd note that NetBSD always
uses -N. If you want non-standard uids and gids there you just end your
source tree.
-- Brooks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/svn-src-head/attachments/20130111/6e361e39/attachment.sig>
More information about the svn-src-head
mailing list