pkg/29256: x11-links may install with incorrect permissions

To: pkg-manager%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, pkgsrc-bugs%netbsd.org@localhost
Subject: pkg/29256: x11-links may install with incorrect permissions
From: ian_leroux%fastmail.fm@localhost
Date: Sun, 6 Feb 2005 23:05:00 +0000 (UTC)

>Number:         29256
>Category:       pkg
>Synopsis:       x11-links may install with incorrect permissions
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Feb 06 23:05:00 +0000 2005
>Originator:     Ian Leroux
>Release:        NetBSD 2.0 Release
>Organization:
>Environment:
NetBSD schtroumpf.dyndns.org 2.0 NetBSD 2.0 (GENERIC) #0: Wed Dec  1 10:58:25 
UTC 2004  
builds@build:/big/builds/ab/netbsd-2-0-RELEASE/i386/200411300000Z-obj/big/builds/ab/netbsd-2-0-RELEASE/src/sys/arch/i386/compile/GENERIC
 i386

>Description:
The pkgtools/x11-links creates a link-farm under work/ and then copies
it to ${PREFIX}/share/ for use in building X packages.
The directory tree holding the links is created according to the umask
of the user doing the build.  If the umask is more restrictive than 022
(quite possible for an unprivileged account building packages with
just-in-time su), then the tree will not be world-readable, and
subsequent builds of X packages by unprivileged users (even the same one
as installed x11-links) will fail.

c.f. the tech-pkg thread "x11-links permissions" of last week.
>How-To-Repeat:
umask 077

cd /usr/pkgsrc/pkgtools/x11-links && make install

Now notice that the directories under /usr/pkg/share/x11-links
are not world-readable.

To show the consequences, as an unprivileged user do the following

cd /usr/pkgsrc/wm/ratpoison && make install

watch the header-not-found errors scroll by
(ratpoison is just an easy example, other X packages behave similarly)
>Fix:


--- Makefile.orig       2005-01-31 20:16:33.000000000 -0500
+++ Makefile.fixed      2005-02-01 19:31:32.000000000 -0500
@@ -53,11 +53,14 @@

 do-build:
        ${MKDIR} ${X11_LINKS_BUILD_DIR}
+       ${CHMOD} ${PKGDIRMODE} ${X11_LINKS_BUILD_DIR}
        ${RM} -f ${PLIST_SRC.dirs}
        ${FILES_LIST_CMD} | ${SED} -e "s,/[^/]*$$,," | ${SORT} -u |     \
        while read dir; do                                              \
                if [ -d ${X11BASE}/$$dir ]; then                        \
                        ${MKDIR} ${X11_LINKS_BUILD_DIR}/$$dir;          \
+                       ${CHMOD} ${PKGDIRMODE}                          \
+                               ${X11_LINKS_BUILD_DIR}/$$dir;           \
                        ${ECHO} "@dirrm ${X11_LINKS_SUBDIR}/$$dir"      \
                                >> ${PLIST_SRC.dirs};                   \
                fi;                                                     \

Prev by Date: pkg/29255: mail/spamassassin needs to be run twice after makefile is rebuilt
Next by Date: Re: pkg/25955
Previous by Thread: pkg/29255: mail/spamassassin needs to be run twice after makefile is rebuilt
Next by Thread: PR/25955 CVS commit: pkgsrc/net/libdnet
Indexes:

Home | Main Index | Thread Index | Old Index