From owner-freebsd-ports@FreeBSD.ORG  Mon Sep  4 18:43:26 2006
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
X-Original-To: ports@freebsd.org
Delivered-To: freebsd-ports@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7D23F16A4DD;
	Mon,  4 Sep 2006 18:43:26 +0000 (UTC)
	(envelope-from kris@obsecurity.org)
Received: from elvis.mu.org (elvis.mu.org [192.203.228.196])
	by mx1.FreeBSD.org (Postfix) with ESMTP id BA34443D45;
	Mon,  4 Sep 2006 18:43:25 +0000 (GMT)
	(envelope-from kris@obsecurity.org)
Received: from obsecurity.dyndns.org (elvis.mu.org [192.203.228.196])
	by elvis.mu.org (Postfix) with ESMTP id 95F0F1A4D9E;
	Mon,  4 Sep 2006 11:43:25 -0700 (PDT)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id DE0E751603; Mon,  4 Sep 2006 14:43:24 -0400 (EDT)
Date: Mon, 4 Sep 2006 14:43:24 -0400
From: Kris Kennaway <kris@obsecurity.org>
To: Andrew Pantyukhin <infofarmer@FreeBSD.org>
Message-ID: <20060904184324.GA41301@xor.obsecurity.org>
References: <cb5206420608310715y7f9718e2j8736237f7943fad@mail.gmail.com>
	<20060831141924.GA30325@xor.obsecurity.org>
	<20060901012715.GA64266@xor.obsecurity.org>
	<cb5206420609010130j60f0b4a9i5401ab9fe6af2e7e@mail.gmail.com>
	<cb5206420609040948u7643f404ibb88bbd43d58f47d@mail.gmail.com>
	<20060904165520.GA39206@xor.obsecurity.org>
	<cb5206420609041035x14821e1csf22269db7147c37b@mail.gmail.com>
	<20060904175555.GA40371@xor.obsecurity.org>
	<cb5206420609041125i28006394ofa49371e0fcef05@mail.gmail.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="x+6KMIRAuhnl3hBn"
Content-Disposition: inline
In-Reply-To: <cb5206420609041125i28006394ofa49371e0fcef05@mail.gmail.com>
User-Agent: Mutt/1.4.2.2i
Cc: FreeBSD Ports <ports@freebsd.org>, Kris Kennaway <kris@obsecurity.org>
Subject: Re: World-writable files installed by ports
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Sep 2006 18:43:26 -0000


--x+6KMIRAuhnl3hBn
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Sep 04, 2006 at 10:25:09PM +0400, Andrew Pantyukhin wrote:

> >> BTW, I wonder why www/phpmyfaq is not in your list.
> >
> >What a+w file does it install?
>=20
> sat@sat64:~> find /usr/local/www/phpmyfaq -perm -a+w
> /usr/local/www/phpmyfaq/inc
> /usr/local/www/phpmyfaq/images
> /usr/local/www/phpmyfaq/attachments
> /usr/local/www/phpmyfaq/data
> /usr/local/www/phpmyfaq/pdf
> /usr/local/www/phpmyfaq/xml
>=20
> sat@sat64:~> find /usr/local/www/phpmyfaq -perm -a+w | xargs ls -ld
> drwxrwxrwx  2 www  www   512 Sep  4 22:19=20
> /usr/local/www/phpmyfaq/attachments
> drwxrwxrwx  2 www  www   512 Sep  4 22:19 /usr/local/www/phpmyfaq/data
> drwxrwxrwx  2 www  www   512 Sep  4 22:19 /usr/local/www/phpmyfaq/images
> drwxrwxrwx  2 www  www  1024 Sep  4 22:19 /usr/local/www/phpmyfaq/inc
> drwxrwxrwx  2 www  www   512 Sep  4 22:19 /usr/local/www/phpmyfaq/pdf
> drwxrwxrwx  2 www  www   512 Sep  4 22:19 /usr/local/www/phpmyfaq/xml

Hmm, I wonder if the security-check target is broken with plist
substitutions.

Kris


--x+6KMIRAuhnl3hBn
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)

iD8DBQFE/HPMWry0BWjoQKURAijPAKC0HZmIZkyolH4b0UDmawuf6AC8rQCg6KCQ
7baQ4JpZGLr4E4L2lg8CDy0=
=7cPT
-----END PGP SIGNATURE-----

--x+6KMIRAuhnl3hBn--