Subject: Re: Package-specific users and groups & unprivileged builds
To: None <tech-pkg@netbsd.org>
From: Roland Illig <rillig@NetBSD.org>
List: tech-pkg
Date: 06/18/2007 12:19:26
Joerg Sonnenberger wrote:
> On Fri, Jun 15, 2007 at 07:20:44PM -0400, Johnny C. Lam wrote:
> 
>>The following diff does two things:
>>
>>(1) It adds two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
>>    unprivileged.mk.  These two variables are lists of other bmake
>>    variables that define package-specific users and groups.  Packages
>>    that have user-settable variables for users and groups, e.g. apache
>>    and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
>>    etc.  should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
>>    so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
>>    and ${UNPRIVILEGED_GROUP}.
>>
>>(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
>>
>>Thoughts?
> 
> 
> This can break the security model of applications and the user account
> in general with setuid binaries. This should be carefully kept in
> mind...

Since this change only has an effect on installations where you build and 
install the packages as an unprivileged user (and usually don't have access 
to the root account), this cannot be prevented.

But when pkgsrc finally supports building and creating binary 
packages in unprivileged mode, and when these packages can later be 
installed by root, the separation of the user accounts should be done again.

Roland
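An added illustration of the PKG_USERS_VARS / PKG_GROUPS_VARS mechanism the quoted proposal describes, written by the editor of this page; it is not code from the thread or from pkgsrc's actual unprivileged.mk. The variable names APACHE_USER, APACHE_GROUP, PKG_USERS_VARS, PKG_GROUPS_VARS, UNPRIVILEGED_USER and UNPRIVILEGED_GROUP come from the message; the file layout, the "www" defaults and the use of id(1) to discover the build user are assumptions.

```makefile
# Added example (not from the thread or pkgsrc): one package advertising
# its user/group variables, and an unprivileged.mk fragment that forces
# them to the build user when UNPRIVILEGED=yes.  File names and defaults
# are assumed for illustration.

# --- www/apache/Makefile (package side) ---------------------------------
# Defaults used by a privileged (root) installation.  Listing the
# variables in PKG_USERS_VARS / PKG_GROUPS_VARS tells unprivileged.mk
# which ones it is allowed to override.
APACHE_USER?=		www
APACHE_GROUP?=		www
PKG_USERS_VARS+=	APACHE_USER
PKG_GROUPS_VARS+=	APACHE_GROUP

# bsd.prefs.mk is assumed to pull in unprivileged.mk, so the override
# below happens after the defaults above and before PKG_USERS/PKG_GROUPS
# are consumed.
.include "../../mk/bsd.prefs.mk"

PKG_USERS=		${APACHE_USER}:${APACHE_GROUP}
PKG_GROUPS=		${APACHE_GROUP}

# --- mk/unprivileged.mk (infrastructure side) ---------------------------
.if ${UNPRIVILEGED:Uno:tl} == "yes"
# Without root there is no way to create package-specific accounts, so
# the only identity files can be owned by is the build user.
.  if !defined(UNPRIVILEGED_USER)
UNPRIVILEGED_USER!=	id -un
.  endif
.  if !defined(UNPRIVILEGED_GROUP)
UNPRIVILEGED_GROUP!=	id -gn
.  endif

# .for substitutes ${_var_} textually, so each line becomes e.g.
# "APACHE_USER:= <builduser>".  ":=" expands immediately.
.  for _var_ in ${PKG_USERS_VARS}
${_var_}:=		${UNPRIVILEGED_USER}
.  endfor
.  for _var_ in ${PKG_GROUPS_VARS}
${_var_}:=		${UNPRIVILEGED_GROUP}
.  endfor
.endif

# Every package built this way collapses its per-package account into
# the single build user, which is the loss of separation raised in the
# reply above.  A binary package produced in this mode therefore records
# the build user as owner; if such packages are later installed by root,
# the package-specific accounts have to be re-established rather than
# reusing the recorded owner.
```

To see what a given package would end up with, `bmake show-var VARNAME=APACHE_USER` (a pkgsrc target) from the package directory prints the effective value, with and without UNPRIVILEGED=yes in mk.conf; that is a quick way to check which variables a package forgot to list in PKG_USERS_VARS.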