From owner-freebsd-ports@FreeBSD.ORG Sun May 19 20:44:15 2013 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 3F2AC98C for ; Sun, 19 May 2013 20:44:15 +0000 (UTC) (envelope-from jerry@seibercom.net) Received: from mail-gh0-f174.google.com (mail-gh0-f174.google.com [209.85.160.174]) by mx1.freebsd.org (Postfix) with ESMTP id E68D197D for ; Sun, 19 May 2013 20:44:14 +0000 (UTC) Received: by mail-gh0-f174.google.com with SMTP id r17so1372855ghr.5 for ; Sun, 19 May 2013 13:44:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seibercom.net; s=google; h=x-received:date:from:to:subject:message-id:in-reply-to:references :reply-to:organization:x-mailer:face:mime-version:content-type :content-transfer-encoding; bh=vDGuivpafwq7O8FbN26qMH4dJeSjzOn3pIyM55/M6wM=; b=eSYEe5id2tqyljZRpihprf81wBQ+cM2PSntdFX9JtcDrUKcDTM0wBPNsvOijTPJiR3 aniFxYhlWaOAX6dplmaAZXs52901xxLhrJK9cpY8TRAS3OztJHFZvaPOpxY6e6LwtFno 0iHfbP3IatJI9iseTeiBYfVRAESZqytkhA5tg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:date:from:to:subject:message-id:in-reply-to:references :reply-to:organization:x-mailer:face:mime-version:content-type :content-transfer-encoding:x-gm-message-state; bh=vDGuivpafwq7O8FbN26qMH4dJeSjzOn3pIyM55/M6wM=; b=KflDifMDbzYNnt2svOCyZJiVnUXJMHkNYRhoqdDqV0iYHI9jvpjtOJsurRByvOuXFM HANSPd7V4MrFm7IFG81mQ4QY4+Se96Fi5MoWBneT+dbsVQ6SO8lVFv3wA/fFGcixHmmJ hbMOgIuWwDc1DKiR49EnmwVqCVOcbgVLlWjdNL14xuy+mCodPGhk6z1ZCqYs1agMddx8 Nqj302F/Z9yb4aOFszqG5G6HnvtJ8bdxwUSsDLg+wDNhxSc16Xk5L2YHIyAWWebCWE5D 8+Jx3QuEAiqszlW0QHmWZoLw3y9LDMxDkDqt68xC4ywi1+FaT2w3a1TssD95U507MTXp UpbQ== X-Received: by 10.236.31.201 with SMTP id m49mr33444136yha.164.1368995911742; Sun, 19 May 2013 13:38:31 -0700 (PDT) Received: from scorpio.seibercom.net (cpe-076-182-104-150.nc.res.rr.com. [76.182.104.150]) by mx.google.com with ESMTPSA id p31sm35205316yhm.10.2013.05.19.13.38.30 for (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 19 May 2013 13:38:31 -0700 (PDT) Received: from scorpio (localhost [127.0.0.1]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: jerry@seibercom.net) by scorpio.seibercom.net (Postfix) with ESMTPSA id 3bDFSQ11JYz2CG5n for ; Sun, 19 May 2013 16:38:30 -0400 (EDT) Date: Sun, 19 May 2013 16:38:29 -0400 From: Jerry To: freebsd-ports@freebsd.org Subject: Re: Why does Samba requires 777 permissions on /tmp Message-ID: <20130519163829.2f71a3ee@scorpio> In-Reply-To: <5199283B.4010401@gmx.net> References: <20130519115232.49f52d01@scorpio> <20130519195639.79464471@raksha.tavi.co.uk> <5199283B.4010401@gmx.net> Organization: seibercom.net X-Mailer: Claws Mail 3.9.1 (GTK+ 2.24.17; amd64-portbld-freebsd8.3) Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAHlBMVEUAAABYRlwJCw4FAgAIBwKprDkBAQFQLR0BAgCir7VRttp8AAACAUlEQVQ4jZWUTYvbMBCGTVl8V2hX6Gg5G5FbWQdBj0lEfE7BhN4cyzi5Wt1E5L70roWy6N92xok/skkP+5IYrMcz78xIduDWpNM3vFzuA/jX5EY1AI6KHFwW/CzFuQAwqUBbV12p+CzIh6Awq7sg33pn5D64SQXAexffeuQlA/L35RrkaB551OjGfP/cAO8mCNaDcgvfky5ijoD0pAXlCQCnljiAjsJD9Ax05Ko5sZxbnLQcmM+dZg5IjREfZrWIHK0JuwU68pAGwHvfRxBundRzTxxz3r9dNUikPsEihjz2Dc4kjp1hKsJGuot4EDxaxzMoC7XqhxhOSfZrTS6gSX1JVdjp+o1PvWfekXgw3WL0g70nDEwA0H0HQsEZc8sTmFMTkWUfYWC/vdR1zQy3xLQgLwzu90QnlnFLjeiGWBjwhb4Sa42IqOg2qqS4O1/zhKokFUb1Q8Rj4Eb69WVflXEehJ35DgChVTE5n50eaGyMLOfH8AOodoSM4PVYAQgQdBulOa+knklYks3vAuQ+uX492lTl+A+e8qBV2AKoXalVKFfyuUp0pUp1ARaUHh82lv9MN+Ig7CZtgE6FNYvjlywT2VP2dMgOG46gTIWcqdfvuwyXNz0oMJNd/N5lh1YNiJt19ADTUo3VuFSNeQwVqRSrGjSCp53fk2g+Mvfk/gfoPxHeUS8MH9vRAAAAAElFTkSuQmCC Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Gm-Message-State: ALoCoQmfHM2fI6PQw5rKmkh9MHH5gQPFl/Pn3onJn4fw/N81mw69HlI77/Oxx2CYZwdVOJATXbfl X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: freebsd-ports@freebsd.org List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 19 May 2013 20:44:15 -0000 On Sun, 19 May 2013 21:30:03 +0200 Simon Wright articulated: > On 05/19/13 20:56, Bob Eager wrote: > > On Sun, 19 May 2013 13:34:49 -0500 > > sindrome wrote: > > > >> can't authenticate to my samba server. There has to be a root of > >> this problem to make them both work. Is there some other place > >> portupgrade is having /tmp amended on without it being in my $PATH? > > > > I went back and had a closer look at your error message. What I > > hadn't done (and neither had you, prior to that) was read and fully > > digest the error message. > > > > portupgrade is calling its 'system()' function to run a command. The > > Ruby runtime does a sanity check to make sure that the directories > > in the path are secure...and /tmp isn't. I suspect that portupgrade > > puts temporary scripts into /tmp, then executes them; this implies > > that it's probably chdir'ing to /tmp, then haveing '.' in thge > > path, or even just adding /tmp to the path, although I don't think > > so. > > > > Anyway, what's insecure is that you don't have the sticky bit set. > > If you use: > > > > chmod 1777 /tmp > > > > it ought to all work. > > Unfortunately it doesn't - for me at least! Here's the error I get > from portupgrade on (all of) my FreeBSD boxes: > > [simon@vmserver02 ~]$ sudo portupgrade -pP sysutils/webmin > ---> Session started at: Sun, 19 May 2013 21:11:25 +0200 > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:288: warning: > Insecure world writable dir /tmp/ in PATH, mode 041777 > > AFAIR this started around the time of the last Ruby update over a > year ago, the change and subsequent rollback to making the default > version of Ruby 1.9. I'm using 1.8.7 which I believe is still the > FBSD default version. Is anyone seeing this issue using Ruby 1.9? > > I definitely do not have /tmp in my $PATH. Information for portupgrade-devel-20130313_1,3: Depends on: Dependency: libyaml-0.1.4_2 Dependency: openssl-1.0.1_8 Dependency: libffi-3.0.13 Dependency: libexecinfo-1.1_3 Dependency: ruby-1.9.3.392,1 Dependency: ruby19-date2-4.0.19 Dependency: db48-4.8.30.0 Dependency: ruby19-bdb-0.6.6_1 And yes, I have the same error message. -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________