Subject: Re: Package-specific users and groups & unprivileged builds
To: None <tech-pkg@netbsd.org>
From: Johnny C. Lam <jlam@pkgsrc.org>
List: tech-pkg
Date: 06/18/2007 09:30:23

Joerg Sonnenberger wrote:
> On Fri, Jun 15, 2007 at 07:20:44PM -0400, Johnny C. Lam wrote:
>> The following diff does two things:
>>
>> (1) It adds two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
>>     unprivileged.mk.  These two variables are lists of other bmake
>>     variables that define package-specific users and groups.  Packages
>>     that have user-settable variables for users and groups, e.g. apache
>>     and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
>>     etc.  should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
>>     so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
>>     and ${UNPRIVILEGED_GROUP}.
>>
>> (2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
>>
>> Thoughts?
> 
> This can break the security model of applications and the user account
> in general with setuid binaries. This should be carefully kept in
> mind...

This is why I had the separate proposal for unprivileged pkgsrc with
regard to set-id binaries.

	Cheers,

	-- Johnny Lam <jlam@pkgsrc.org>