From owner-freebsd-ports@FreeBSD.ORG Sun May 19 20:25:24 2013 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 0B61546D for ; Sun, 19 May 2013 20:25:24 +0000 (UTC) (envelope-from simon.wright@gmx.net) Received: from p-smtp-as-02.sunrise.ch (smtp.sunrise.ch [212.35.39.69]) by mx1.freebsd.org (Postfix) with ESMTP id A5C668CB for ; Sun, 19 May 2013 20:25:22 +0000 (UTC) Received: from smtp.wright-nafzger.org (mail.moalboal.org.uk [212.98.32.54]) by p-smtp-as-02.sunrise.ch (8.14.4/8.14.4) with ESMTP id r4JJU9Vd017686 for ; Sun, 19 May 2013 21:30:10 +0200 Received: from desk04.home.wright.org (desk04.home.wright.org [192.168.1.220]) by smtp.wright-nafzger.org (Weasel v1.73) for ; 19 May 2013 21:30:02 +0200 Message-ID: <5199283B.4010401@gmx.net> Date: Sun, 19 May 2013 21:30:03 +0200 From: Simon Wright User-Agent: Mozilla/5.0 (X11; FreeBSD i386; rv:17.0) Gecko/20130517 Thunderbird/17.0.6 MIME-Version: 1.0 To: freebsd-ports@freebsd.org Subject: Re: Why does Samba requires 777 permissions on /tmp References: <20130519115232.49f52d01@scorpio> <20130519195639.79464471@raksha.tavi.co.uk> In-Reply-To: <20130519195639.79464471@raksha.tavi.co.uk> Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="------------ms020301050704090306060909" X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: simon.wright@gmx.net List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 19 May 2013 20:25:24 -0000 This is a cryptographically signed message in MIME format. --------------ms020301050704090306060909 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable On 05/19/13 20:56, Bob Eager wrote: > On Sun, 19 May 2013 13:34:49 -0500 > sindrome wrote: > >> can't authenticate to my samba server. There has to be a root of >> this problem to make them both work. Is there some other place >> portupgrade is having /tmp amended on without it being in my $PATH? > > I went back and had a closer look at your error message. What I hadn't > done (and neither had you, prior to that) was read and fully digest the= > error message. > > portupgrade is calling its 'system()' function to run a command. The > Ruby runtime does a sanity check to make sure that the directories in > the path are secure...and /tmp isn't. I suspect that portupgrade puts > temporary scripts into /tmp, then executes them; this implies that it's= > probably chdir'ing to /tmp, then haveing '.' in thge path, or even just= > adding /tmp to the path, although I don't think so. > > Anyway, what's insecure is that you don't have the sticky bit set. If > you use: > > chmod 1777 /tmp > > it ought to all work. Unfortunately it doesn't - for me at least! Here's the error I get=20 from portupgrade on (all of) my FreeBSD boxes: [simon@vmserver02 ~]$ sudo portupgrade -pP sysutils/webmin ---> Session started at: Sun, 19 May 2013 21:11:25 +0200 /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:288: warning:=20 Insecure world writable dir /tmp/ in PATH, mode 041777 AFAIR this started around the time of the last Ruby update over a=20 year ago, the change and subsequent rollback to making the default=20 version of Ruby 1.9. I'm using 1.8.7 which I believe is still the=20 FBSD default version. Is anyone seeing this issue using Ruby 1.9? I definitely do not have /tmp in my $PATH. Cheers Simon. --------------ms020301050704090306060909 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIKTDCC BRowggQCoAMCAQICEG0Z6qcZT2ozIuYiMnqqcd4wDQYJKoZIhvcNAQEFBQAwga4xCzAJBgNV BAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxHjAcBgNVBAoT FVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8GA1UECxMYaHR0cDovL3d3dy51c2VydHJ1c3Qu Y29tMTYwNAYDVQQDEy1VVE4tVVNFUkZpcnN0LUNsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQg RW1haWwwHhcNMTEwNDI4MDAwMDAwWhcNMjAwNTMwMTA0ODM4WjCBkzELMAkGA1UEBhMCR0Ix GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE ChMRQ09NT0RPIENBIExpbWl0ZWQxOTA3BgNVBAMTMENPTU9ETyBDbGllbnQgQXV0aGVudGlj YXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAJKEhFtLV5jUXi+LpOFAyKNTWF9mZfEyTvefMn1V0HhMVbdClOD5J3EHxcZppLkyxPFA GpDMJ1Zifxe1cWmu5SAb5MtjXmDKokH2auGj/7jfH0htZUOMKi4rYzh337EXrMLaggLW1DJq 1GdvIBOPXDX65VSAr9hxCh03CgJQU2yVHakQFLSZlVkSMf8JotJM3FLb3uJAAVtIaN3FSrTg 7SQfOq9xXwfjrL8UO7AlcWg99A/WF1hGFYE8aIuLgw9teiFX5jSw2zJ+40rhpVJyZCaRTqWS D//gsWD9Gm9oUZljjRqLpcxCm5t9ImPTqaD8zp6Q30QZ9FxbNboW86eb/8ECAwEAAaOCAUsw ggFHMB8GA1UdIwQYMBaAFImCZ33EnSZwAEu0UEh83j2uBG59MB0GA1UdDgQWBBR6E04AdFvG eGNkJ8Ev4qBbvHnFezAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADARBgNV HSAECjAIMAYGBFUdIAAwWAYDVR0fBFEwTzBNoEugSYZHaHR0cDovL2NybC51c2VydHJ1c3Qu Y29tL1VUTi1VU0VSRmlyc3QtQ2xpZW50QXV0aGVudGljYXRpb25hbmRFbWFpbC5jcmwwdAYI KwYBBQUHAQEEaDBmMD0GCCsGAQUFBzAChjFodHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVVRO QWRkVHJ1c3RDbGllbnRfQ0EuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1 c3QuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCF1r54V1VtM39EUv5C1QaoAQOAivsNsv1Kv/av QUn1G1rF0q0bc24+6SZ85kyYwTAo38v7QjyhJT4KddbQPTmGZtGhm7VNm2+vKGwdr+XqdFqo 2rHA8XV6L566k3nK/uKRHlZ0sviN0+BDchvtj/1gOSBH+4uvOmVIPJg9pSW/ve9g4EnlFsjr P0OD8ODuDcHTzTNfm9C9YGqzO/761Mk6PB/tm/+bSTO+Qik5g+4zaS6CnUVNqGnagBsePdIa XXxHmaWbCG0SmYbWXVcHG6cwvktJRLiQfsrReTjrtDP6oDpdJlieYVUYtCHVmdXgQ0BCML7q peeU0rD+83X5f27nMIIFKjCCBBKgAwIBAgIRANyAPv7KiIWObtlbHm/hcKMwDQYJKoZIhvcN AQEFBQAwgZMxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTkwNwYDVQQDEzBD T01PRE8gQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0EwHhcNMTMw MTE1MDAwMDAwWhcNMTQwMTE1MjM1OTU5WjAlMSMwIQYJKoZIhvcNAQkBFhRzaW1vbi53cmln aHRAZ214Lm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALm8FVJtazZSwFLR IdSydjT2mMaDUqSQlRNYJ0aecO9yr1UDZUtud53XpU7pAJvHCbXiQT6TjW76lS1KoJZNvgt5 hC927RjQCzGPq5GEA2trDx2y0IFFrID5V1g5pY/fjOSIn7iMHg4mHAapFbYM4BnwtKZSyzjt W0CGKaWPAtNwjjJls1XQucSIbGvHkCLMueH6YxG1hd3QnnH/O1vB9AgpTLEs2MsYnpS60WwG C+OE+tFmBviHWbnMiqEIeDwS2VTxuE15d0CS04SvbIellfHGL44UwutJjV9wpOgc7EQ2tkSG 5gMaeLYU/e/BGzdd/bAuk2thzLRih9rA8AZjFTsCAwEAAaOCAeQwggHgMB8GA1UdIwQYMBaA FHoTTgB0W8Z4Y2QnwS/ioFu8ecV7MB0GA1UdDgQWBBQQzJFUqvJzZuJpSTT7SLiD41AxyDAO BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAgBgNVHSUEGTAXBggrBgEFBQcDBAYLKwYB BAGyMQEDBQIwEQYJYIZIAYb4QgEBBAQDAgUgMEYGA1UdIAQ/MD0wOwYMKwYBBAGyMQECAQEB MCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5uZXQvQ1BTMFcGA1UdHwRQ ME4wTKBKoEiGRmh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET0NsaWVudEF1dGhlbnRp Y2F0aW9uYW5kU2VjdXJlRW1haWxDQS5jcmwwgYgGCCsGAQUFBwEBBHwwejBSBggrBgEFBQcw AoZGaHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPQ2xpZW50QXV0aGVudGljYXRpb25h bmRTZWN1cmVFbWFpbENBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2Eu Y29tMB8GA1UdEQQYMBaBFHNpbW9uLndyaWdodEBnbXgubmV0MA0GCSqGSIb3DQEBBQUAA4IB AQCK/v4mct8SlgmzotaI2/B1p5Wq3EsaLnN8FIUhb223V+DVuvJQY4WLzEOOFZ5Fo49X6lQV VOcVyLD+TjQYKpGkWiuVbkCLaZBHbly/8stqdWpPNHipel8FI1hSYj6ckrjSJgSXzRf53IKz d3Q3zPgJgaTmJYUIlluHNDjc3Gal4jHW3ET8WCS2RH1u5yIXtXamNeO1a29wUC43lNxOmnpY nuUMIxgx+nuVdbdxjCfCiRn9FYfV5tIeLJmCV3V52FDjauA47rN0/7rfYjb0sIz4rb2iLTjG 66ltd2vcFj4MdMcTjVYW/zIPUvplIrl4+FEtUtmQKO4b/ysgolMP9q23MYIEHDCCBBgCAQEw gakwgZMxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNV BAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTkwNwYDVQQDEzBDT01P RE8gQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEQDcgD7+yoiF jm7ZWx5v4XCjMAkGBSsOAwIaBQCgggJHMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJ KoZIhvcNAQkFMQ8XDTEzMDUxOTE5MzAwM1owIwYJKoZIhvcNAQkEMRYEFJbbjkEkkQtX2bTf Md80YdrwMwd8MGwGCSqGSIb3DQEJDzFfMF0wCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBAjAK BggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYI KoZIhvcNAwICASgwgboGCSsGAQQBgjcQBDGBrDCBqTCBkzELMAkGA1UEBhMCR0IxGzAZBgNV BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N T0RPIENBIExpbWl0ZWQxOTA3BgNVBAMTMENPTU9ETyBDbGllbnQgQXV0aGVudGljYXRpb24g YW5kIFNlY3VyZSBFbWFpbCBDQQIRANyAPv7KiIWObtlbHm/hcKMwgbwGCyqGSIb3DQEJEAIL MYGsoIGpMIGTMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAw DgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDE5MDcGA1UEAxMw Q09NT0RPIENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBAhEA3IA+ /sqIhY5u2Vseb+FwozANBgkqhkiG9w0BAQEFAASCAQC0hoglJG34/9+9NraVag3TQhJ7nQhO IHs3oMTZmibmWpyGS9BWMazPSvAFo71FC4HDLYuikHCX61ekrWiBEp6dNZX2bfAoJx33a8Am AIyEjpneUAJYGDAX2ZiSzrd+n4rAiXgYauGDnXXi5BpAu9jr2Ag6Lh1OpMQa9NJMsa9sc9ZQ vuuz1sWy555UdXJTtimwFeIqMFASfIluJL0Z3MdaKkO9Xqyt8kG/FK9HtsB/6Om+z9MPV5MW 18c2zKXn+jLXdkAzzw1HBDORb212ROx1HQ7Fl5BgkUJtK6t739ZTExifca9f2dw6VANMrW0n aU5elfQQChyTKYEmSCdKhXdHAAAAAAAA --------------ms020301050704090306060909--