NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

misc/47645: /etc/daily and /etc/security may use wrong pkg_admin

>Number:         47645
>Category:       misc
>Synopsis:       /etc/daily and /etc/security may use wrong pkg_admin
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    misc-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Mar 14 03:30:00 +0000 2013
>Originator:     Valery Ushakov
>Release:        NetBSD 6.1
NetBSD pony 6.1_RC1 NetBSD 6.1_RC1 (GENERIC) #0: Mon Mar 11 03:09:49 MSK 2013  

This is a follow up to security/36746, which was fixed by making
location of pkg_info binary configurable.

Since that time /etc/security started using pkg_admin, which has the
same problem. And /etc/daily also started using pkg_info and pkg_admin
with the same results.

Install pkgtools/pkg_install package.
Disable pkg_install in base (/usr/sbin) by making it non-executable.
Observe daily and security failing with:

  /etc/daily: pkg_info: permission denied

  /etc/security: pkg_admin: permission denied


Home | Main Index | Thread Index | Old Index