Message-Id: <200712271839.lBRIdgYj095946@www.freebsd.org>
Date: Thu, 27 Dec 2007 18:39:42 GMT
From: Jesper Wallin
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/119073: A lot of ports are extracted with 0777 permissions.

>Number:         119073
>Category:       ports
>Synopsis:       A lot of ports are extracted with 0777 permissions.
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 27 18:50:01 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator:     Jesper Wallin
>Release:        FreeBSD 7.0-RC1
>Organization:
>Environment:
FreeBSD zero.nohack.se 7.0-RC1 FreeBSD 7.0-RC1 #0: Sat Dec 22 23:10:56 CET 2007 root@zero.nohack.se:/usr/obj/usr/src/sys/zero i386
>Description:
A lot of tarballs for ports seem to be packed with permissions like 0777, giving anyone on the system write-access to the /usr/ports///work/ directory. I personally have /tmp, /var and /usr/home mounted with the noexec and nosuid options as I don't want my users to run any "external" programs. These odd permissions give local users access to execute commands and/or malicious users access to fill up the /usr partition. It can, of course, be solved with a simple "make clean" and/or a proper setup of disk quotas. Yet, I don't see the reason for leaving the work directory with 0777 permissions, as ports are always built as root.

A few ports that I've found having these permissions are:

- archivers/rpm
- databases/memcached
- devel/autoconf261
- devel/automake14
- devel/libevent
- devel/m4
- mail/dspam
- www/lighttpd
>How-To-Repeat:
cd /usr/ports/www/lighttpd
make extract
cd ./work
ls -l
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
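
Added example, not part of the original report or of the ports framework: a shell audit that finds world-writable entries in an extracted tree and clears the "other" write bit. The function names and the pkg-1.0 tarball are constructed for illustration; tar -xpf is used so the archived modes are kept regardless of umask, which is also tar's default behaviour when run as root.

```shell
#!/bin/sh
# Added example: audit an extracted source tree for world-writable entries.
# All function names and the pkg-1.0 sample tree are hypothetical.

# Print every world-writable file or directory under $1.
# Symlinks are skipped because their own mode bits are not meaningful.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Number of world-writable entries under $1.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Clear the "other" write bit on every flagged entry under $1.
strip_world_write() {
    find "$1" ! -type l -perm -0002 -exec chmod o-w {} +
}

# Build a constructed tarball packed with 0777/0666 modes, extract it into
# a fresh work directory with modes preserved, and print that directory.
make_demo_tree() {
    demo=$(mktemp -d) || return 1
    mkdir -p "$demo/src/pkg-1.0/doc"
    echo 'int main(void){return 0;}' > "$demo/src/pkg-1.0/main.c"
    chmod 0777 "$demo/src/pkg-1.0" "$demo/src/pkg-1.0/doc"
    chmod 0666 "$demo/src/pkg-1.0/main.c"
    tar -cf "$demo/pkg.tar" -C "$demo/src" pkg-1.0
    mkdir -m 0755 "$demo/work"
    # -p keeps the archived modes; a umask of 022 alone does not help here.
    (umask 022; tar -xpf "$demo/pkg.tar" -C "$demo/work")
    echo "$demo/work"
}

# Stand-alone use: pass a directory (for example a port's work directory)
# to list its world-writable entries.
[ "$#" -eq 0 ] || list_world_writable "$1"
```

The listing step is read-only, so it can be run against an existing work directory before deciding whether to call strip_world_write on it.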