Date: Fri, 11 Jan 2013 17:51:43 -0600
From: Brooks Davis
To: Peter Wemm
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, Brooks Davis, src-committers@freebsd.org
Subject: Re: svn commit: r245316 - in head: . etc
Message-ID: <20130111235143.GA91287@lor.one-eyed-alien.net>
References: <201301112308.r0BN8JP4093605@svn.freebsd.org>

On Fri, Jan 11, 2013 at 03:40:35PM -0800, Peter Wemm wrote:
> On Fri, Jan 11, 2013 at 3:19 PM, Peter Wemm wrote:
> > On Fri, Jan 11, 2013 at 3:08 PM, Brooks Davis wrote:
> >
> >> -IMAKE= ${IMAKEENV} ${MAKE} -f Makefile.inc1
> >> +IMAKE= ${IMAKEENV} ${MAKE} -f Makefile.inc1 \
> >> + INSTALL="install -N ${.CURDIR}/etc" \
> >> + MTREE_CMD="nmtree -N ${.CURDIR}/etc"
> >
> > How does this work with worlds with different UID/GID assignments?
> > Eg: the freebsd.org cluster?
> >
> > ${.CURDIR}/etc/master.passwd does not match the installed system.
>
> Case in point, the freebsd.org cluster has used postfix before
> sendmail gained its privilege separation. We had:
> postfix:*:25:postfix
> postdrop:*:26:
> .. long before sendmail added:
> smmsp:*:25:
> mailnull:*:26:
>
> On an existing machine we have:
> -r-xr-sr-x 1 root smmsp 719336 Jan 6 15:13 /usr/libexec/sendmail/sendmail
>
> But on the freebsd.org machines that have machines dating back to
> 1998, this change would cause:
> -r-xr-sr-x 1 root postfix 719336 Jan 6 15:13 /usr/libexec/sendmail/sendmail
>
> With a silent change like that, if the admin doesn't notice.. who can
> tell what would happen? Silently giving sendmail setgid access to
> another subsystem's gid is.. just POLA violation at every conceivable
> level and potentially dangerous.
>
> These tools from netbsd were meant for cross compiling.. ie: when DESTDIR != /.

I've reverted this change. In my defense I'd note that NetBSD always
uses -N. If you want non-standard uids and gids there you just end your
source tree.

-- Brooks
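
Review bot: the two + lines that add INSTALL="install -N ${.CURDIR}/etc" and MTREE_CMD="nmtree -N ${.CURDIR}/etc" to IMAKE apply unconditionally, with no check that the target is a separate DESTDIR. Every install then resolves owner and group names from the source tree's etc files, including an install onto a running system whose own assignments differ, which is the case raised in the reply above. Suggest passing -N only when DESTDIR is something other than /, or failing early when the tree's files and the target's disagree, and adding a comment at the IMAKE assignment saying which database ownership is resolved from.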
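
The mismatch described in the quoted reply can be detected before ownership is resolved from the source tree's files instead of the running system's. The following is an added example, not part of the original message or of FreeBSD's build system: it compares two group(5)-format files and reports names the tree maps to a different gid than the target, flagging the case where that gid already belongs to another group. The function names are hypothetical, and the sample data is constructed: only the gid 25/26 entries come from the message, while gids 125/126 and the wheel lines are made up.

```python
# Added example, not FreeBSD code: diff the tree's etc/group against the target's.
from typing import Dict, List, Tuple

# Constructed samples. The gid 25/26 entries are the ones quoted in the
# message; gids 125/126 and the wheel lines are made up for illustration.
TREE_GROUP = """\
wheel:*:0:root
smmsp:*:25:
mailnull:*:26:
"""
TARGET_GROUP = """\
wheel:*:0:root
postfix:*:25:postfix
postdrop:*:26:
smmsp:*:125:
mailnull:*:126:
"""


def parse_group(text: str) -> Dict[str, int]:
    """Parse group(5) lines (name:passwd:gid:members) into {name: gid}."""
    groups: Dict[str, int] = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.lstrip().startswith("#") or len(fields) < 3 or not fields[2].isdigit():
            continue  # comment, blank or malformed line: skip, never guess
        groups.setdefault(fields[0], int(fields[2]))  # first entry wins
    return groups


def gid_conflicts(tree: Dict[str, int], target: Dict[str, int]) -> List[Tuple[str, str, int, str]]:
    """Return (kind, name, tree_gid, detail) for names the tree maps differently."""
    findings = []
    for name, gid in sorted(tree.items()):
        if target.get(name) == gid:
            continue  # same name, same gid: files written by name stay consistent
        detail = f"target gid {target[name]}" if name in target else "no such group on target"
        kind = "gid-differs" if name in target else "missing"
        # Worst case: the tree's gid already belongs to another group on the target.
        owners = sorted(n for n, g in target.items() if g == gid and n != name)
        if owners:
            kind, detail = "gid-collision", f"{detail}; gid {gid} is {','.join(owners)} on target"
        findings.append((kind, name, gid, detail))
    return findings


if __name__ == "__main__":
    for finding in gid_conflicts(parse_group(TREE_GROUP), parse_group(TARGET_GROUP)):
        print(*finding, sep="\t")
```

A gid-collision row for smmsp is the situation in the message: a setgid binary installed with the tree's gid 25 would carry the target's postfix group.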