Date:      Tue, 17 May 2011 22:13:02 +0100 (BST)
From:      Klaus Aehlig <aehlig@linta.de>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/157129: [maintainer] misc/findutils fix usage of su(1) in gupdatedb
Message-ID:  <20110517211302.B4D2639834@kta1c10.sesnet.soton.ac.uk>
Resent-Message-ID: <201105172120.p4HLK8Aq084135@freefall.freebsd.org>


>Number:         157129
>Category:       ports
>Synopsis:       [maintainer] misc/findutils fix usage of su(1) in gupdatedb
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 17 21:20:08 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Klaus Aehlig
>Release:        FreeBSD 8.2-STABLE amd64
>Organization:
>Environment:
System: FreeBSD kta1c10.sesnet.soton.ac.uk 8.2-STABLE FreeBSD 8.2-STABLE #1: Tue Apr 19 17:22:20 BST 2011 root@kta1c10.sesnet.soton.ac.uk:/usr/obj/usr/src/sys/KTA1C10 amd64

>Description:
	misc/findutils brings a script gupdatedb to update the database for glocate.
        To support restricting the database to only contain files readable by a specific
        user (in order to avoid leaking sensitive information from the file structure)
        su(1) is used to call gfind(1). However, the assumption about how to call su(1)
        differs from su(1) as provided by FreeBSD. This has the effect that su(1) fails
        (resulting in an empty database) when a user with nologin as login shell
        is used, like the nobody user.

>How-To-Repeat:
	/usr/local/bin/gupdatedb --localuser=nobody
>Fix:

	Add the following patch to the files subdirectory of the port
        and bump PORTREVISION.

--- patch-locate__updatedb.sh begins here ---
--- locate/updatedb.sh.orig	2011-04-03 23:53:12.000000000 +0100
+++ locate/updatedb.sh	2011-05-17 18:20:29.000000000 +0100
@@ -250,7 +250,7 @@
 if test -n "$SEARCHPATHS"; then
   if [ "$LOCALUSER" != "" ]; then
     # : A1
-    su $LOCALUSER `select_shell $LOCALUSER` -c \
+    su -m $LOCALUSER -c \
     "$find $SEARCHPATHS $FINDOPTIONS \
      \\( $prunefs_exp \
      -type d -regex '$PRUNEREGEX' \\) -prune -o $print_option"
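Review bot: the new `su -m $LOCALUSER -c` line at A1 has no comment saying why -m is used; the reason (FreeBSD's su(1) fails for accounts such as nobody whose login shell is nologin) is only recorded in the PR text. Please add a short comment above the call. It should also state that -m leaves the invoking user's environment unmodified, so find runs as $LOCALUSER with the caller's environment rather than a fresh one, and that this is intended.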
@@ -266,7 +266,7 @@
 myuid=`getuid`
 if [ "$myuid" = 0 ]; then
     # : A3
-    su $NETUSER `select_shell $NETUSER` -c \
+    su -m $NETUSER -c \
      "$find $NETPATHS $FINDOPTIONS \\( -type d -regex '$PRUNEREGEX' -prune \\) -o $print_option" ||
     exit $?
   else
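Review bot: with `su -m $NETUSER -c` at A3 the -c string is no longer handed to a shell picked by select_shell. Under -m, FreeBSD's su(1) invokes the caller's login shell, which inside this `"$myuid" = 0` branch is root's. Please confirm that the quoted find expression, with its `\\( ... \\)` grouping and the single-quoted '$PRUNEREGEX', is parsed the same way when that shell is not a Bourne shell (for example csh), and note the result in the PR.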
@@ -319,7 +319,7 @@
 if test -n "$SEARCHPATHS"; then
   if [ "$LOCALUSER" != "" ]; then
     # : A5
-    su $LOCALUSER `select_shell $LOCALUSER` -c \
+    su -m $LOCALUSER -c \
     "$find $SEARCHPATHS $FINDOPTIONS \
      \( $prunefs_exp \
      -type d -regex '$PRUNEREGEX' \) -prune -o $print_option" || exit $?
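Review bot: `$LOCALUSER` is expanded unquoted in `su -m $LOCALUSER -c` at A5, although the guard two lines above tests it quoted. A value that contains whitespace or starts with `-` would be split into several arguments or read as an su option. Write `su -m "$LOCALUSER" -c` here, and quote the user variable the same way at A1, A3 and A7.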
@@ -335,7 +335,7 @@
   myuid=`getuid`
   if [ "$myuid" = 0 ]; then
     # : A7
-    su $NETUSER `select_shell $NETUSER` -c \
+    su -m $NETUSER -c \
      "$find $NETPATHS $FINDOPTIONS \\( -type d -regex '$PRUNEREGEX' -prune \\) -o $print_option" ||
     exit $?
   else
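Review bot: after this hunk none of the four touched call sites (A1, A3, A5, A7) calls select_shell any more. If the function has no other callers in updatedb.sh, remove its definition in the same patch so that no dead helper is left behind. A7 is otherwise the same change as A3, so the shell-parsing check requested there applies to this call as well.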
--- patch-locate__updatedb.sh ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:


