Date: Thu, 13 Feb 1997 14:50:25 -0800 (PST) From: Paul Traina <pst@jnx.com> To: FreeBSD-gnats-submit@freebsd.org Cc: jkh@freebsd.org Subject: bin/2730: pkg_extract @owner/@group/@mode does not work Message-ID: <199702132250.OAA11206@base.jnx.com> Resent-Message-ID: <199702132300.PAA16319@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 2730 >Category: bin >Synopsis: pkg_extract @owner/@group/@mode does not work >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Feb 13 15:00:02 PST 1997 >Last-Modified: >Originator: Paul Traina >Organization: Juniper Networks >Release: FreeBSD 2.2-CURRENT i386 >Environment: FreeBSD 2.2 -current [PLEASE FIX THIS IN 2.2!] I have a PLIST with the following stuff in it: @name juniper_host @cwd /usr @owner bin @group bin sbin/food @owner root @mode 4111 sbin/cli @mode @owner bin IMPORTANT: We don't user @owner/@group in FreeBSD packages because packages are created by root, so FreeBSD relies on tar "doing the right thing". However, this seems bogus. It should be possible to create packages without being root on the local system (for instance, if you want to use pkg_add for software distribution), and use the owner/group/mode directives to do fixups at the remote side. This is not a security problem in my view. >Description: pkg_extract documents and implements support for having the final extractor set owner group and mode permissions after extracting data from the .tgz file. These commands were broken in: revision 1.7 date: 1995/05/19 22:40:54; author: jkh; state: Exp; lines: +3 -3 Only apply @mode directives to files. Don't use the -p flag to tar; it sets the files to the wrong permissions. Submitted by: jmz Which attempted to not apply @owner/@group/@mode permissions to directories in an attempt to avoid accidently misseting directory permissions. I think this entire change is incorrect. I feel that: (a) the -p option to tar should be used, as packages should not be affected by root's umask (if this is otherwise handled by setting umask to 0 in pkg_add, that is fine too, and you can ignore this comment. (b) The patch seems to want to check to see if permission changes are to be applied to a directory, HOWEVER, the test checks to see if the remote directory is a directory, which is always true, so apply_perms is never called, which breaks these directives. Finally, I think the justification for the patch was indeed incorrect. If someone wants to change the owner, group, or mode on a directory, the package author should be a big enough boy or girl to not screw up modes on directoiries listed in the PLIST. >How-To-Repeat: Use a PLIST with owner/mode/group. >Fix: Index: extract.c =================================================================== RCS file: /cvs/freebsd/src/usr.sbin/pkg_install/add/extract.c,v retrieving revision 1.7 diff -u -r1.7 extract.c --- extract.c 1995/05/19 22:40:54 1.7 +++ extract.c 1997/02/13 22:39:13 @@ -34,13 +34,13 @@ if (strlen(where_args) > sizeof(STARTSTRING)-1) { \ strcat(where_args, "|tar xf - -C "); \ strcat(where_args, todir); \ if (system(where_args)) \ barf("can't invoke tar pipeline"); \ strcpy(where_args, STARTSTRING); \ where_count = sizeof(STARTSTRING)-1; \ } \ if (perm_count) { \ - if (!isdir(todir)) apply_perms(todir, perm_args); \ + apply_perms(todir, perm_args); \ perm_args[0] = 0;\ perm_count = 0; \ } >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702132250.OAA11206>