Date: Sun, 19 May 2013 15:37:23 -0500 From: Sindrome <sindrome@gmail.com> To: "simon.wright@gmx.net" <simon.wright@gmx.net> Cc: "freebsd-ports@freebsd.org" <freebsd-ports@freebsd.org> Subject: Re: Why does Samba requires 777 permissions on /tmp Message-ID: <A78BF813-0CAB-4153-93BE-9BB9B51C815A@gmail.com> In-Reply-To: <5199283B.4010401@gmx.net> References: <CAFzAeSdgRotc34%2BeyfVHZBA-QGUCWJ1MZDYw1ysRxEV9MhG2BQ@mail.gmail.com> <CADLo83-pFi8E-Wdoyju7YxBmOR67Qr4OWmZA-2x8_Um1F2bwoQ@mail.gmail.com> <CAFzAeSd%2B7oubgZ%2BzSJnmfNPA9v1=T41c=VF0C-sbz=vhyVE_OA@mail.gmail.com> <20130519115232.49f52d01@scorpio> <CADLo83-my3xBj9G9_dT0=FGfvK0jaRFQUhmk_YtRx3h8S_g2%2BQ@mail.gmail.com> <CAFzAeSdhNp3zor_ofMS7P1We6Wgoa5fyxeFFDxq3tPkB2CgYyA@mail.gmail.com> <20130519195639.79464471@raksha.tavi.co.uk> <5199283B.4010401@gmx.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I concur with Simon. That's exactly when it started for me. On May 19, 2013, at 2:30 PM, Simon Wright <simon.wright@gmx.net> wrote: > On 05/19/13 20:56, Bob Eager wrote: >> On Sun, 19 May 2013 13:34:49 -0500 >> sindrome <sindrome@gmail.com> wrote: >>=20 >>> can't authenticate to my samba server. There has to be a root of >>> this problem to make them both work. Is there some other place >>> portupgrade is having /tmp amended on without it being in my $PATH? >>=20 >> I went back and had a closer look at your error message. What I hadn't >> done (and neither had you, prior to that) was read and fully digest the >> error message. >>=20 >> portupgrade is calling its 'system()' function to run a command. The >> Ruby runtime does a sanity check to make sure that the directories in >> the path are secure...and /tmp isn't. I suspect that portupgrade puts >> temporary scripts into /tmp, then executes them; this implies that it's >> probably chdir'ing to /tmp, then haveing '.' in thge path, or even just >> adding /tmp to the path, although I don't think so. >>=20 >> Anyway, what's insecure is that you don't have the sticky bit set. If >> you use: >>=20 >> chmod 1777 /tmp >>=20 >> it ought to all work. >=20 > Unfortunately it doesn't - for me at least! Here's the error I get from po= rtupgrade on (all of) my FreeBSD boxes: >=20 > [simon@vmserver02 ~]$ sudo portupgrade -pP sysutils/webmin > ---> Session started at: Sun, 19 May 2013 21:11:25 +0200 > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:288: warning: Insec= ure world writable dir /tmp/ in PATH, mode 041777 >=20 > AFAIR this started around the time of the last Ruby update over a year ago= , the change and subsequent rollback to making the default version of Ruby 1= .9. I'm using 1.8.7 which I believe is still the FBSD default version. Is an= yone seeing this issue using Ruby 1.9? >=20 > I definitely do not have /tmp in my $PATH. >=20 > Cheers >=20 > Simon. >=20
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?A78BF813-0CAB-4153-93BE-9BB9B51C815A>