Subject: pkg/29256: x11-links may install with incorrect permissions
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: None <ian_leroux@fastmail.fm>
List: pkgsrc-bugs
Date: 02/06/2005 23:05:00
>Number: 29256
>Category: pkg
>Synopsis: x11-links may install with incorrect permissions
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Feb 06 23:05:00 +0000 2005
>Originator: Ian Leroux
>Release: NetBSD 2.0 Release
>Organization:
>Environment:
NetBSD schtroumpf.dyndns.org 2.0 NetBSD 2.0 (GENERIC) #0: Wed Dec 1 10:58:25 UTC 2004 builds@build:/big/builds/ab/netbsd-2-0-RELEASE/i386/200411300000Z-obj/big/builds/ab/netbsd-2-0-RELEASE/src/sys/arch/i386/compile/GENERIC i386
>Description:
The pkgtools/x11-links creates a link-farm under work/ and then copies
it to ${PREFIX}/share/ for use in building X packages.
The directory tree holding the links is created according to the umask
of the user doing the build. If the umask is more restrictive than 022
(quite possible for an unprivileged account building packages with
just-in-time su), then the tree will not be world-readable, and
subsequent builds of X packages by unprivileged users (even the same one
as installed x11-links) will fail.
c.f. the tech-pkg thread "x11-links permissions" of last week.
>How-To-Repeat:
umask 077
cd /usr/pkgsrc/pkgtools/x11-links && make install
Now notice that the directories under /usr/pkg/share/x11-links
are not world-readable.
To show the consequences, as an unprivileged user do the following
cd /usr/pkgsrc/wm/ratpoison && make install
watch the header-not-found errors scroll by
(ratpoison is just an easy example, other X packages behave similarly)
>Fix:
--- Makefile.orig 2005-01-31 20:16:33.000000000 -0500
+++ Makefile.fixed 2005-02-01 19:31:32.000000000 -0500
@@ -53,11 +53,14 @@
do-build:
${MKDIR} ${X11_LINKS_BUILD_DIR}
+ ${CHMOD} ${PKGDIRMODE} ${X11_LINKS_BUILD_DIR}
${RM} -f ${PLIST_SRC.dirs}
${FILES_LIST_CMD} | ${SED} -e "s,/[^/]*$$,," | ${SORT} -u | \
while read dir; do \
if [ -d ${X11BASE}/$$dir ]; then \
${MKDIR} ${X11_LINKS_BUILD_DIR}/$$dir; \
+ ${CHMOD} ${PKGDIRMODE} \
+ ${X11_LINKS_BUILD_DIR}/$$dir; \
${ECHO} "@dirrm ${X11_LINKS_SUBDIR}/$$dir" \
>> ${PLIST_SRC.dirs}; \
fi; \