Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 16 Nov 2023 14:21:53 +0100
From:      Mateusz Guzik <mjguzik@gmail.com>
To:        Gordon Bergling <gbe@freebsd.org>
Cc:        src-committers@freebsd.org, dev-commits-src-all@freebsd.org,  dev-commits-src-main@freebsd.org
Subject:   Re: git: a6ed8c959303 - main - Fix /root permissions after 'make installworld'
Message-ID:  <CAGudoHF-7MUGi5OXqC%2B2WQm%2BE0NUeywCu=SR6tJMEtu-CqDO_A@mail.gmail.com>
In-Reply-To: <202311161000.3AGA0Cxc058517@gitrepo.freebsd.org>
References:  <202311161000.3AGA0Cxc058517@gitrepo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 11/16/23, Gordon Bergling <gbe@freebsd.org> wrote:
> The branch main has been updated by gbe:
>
> URL:
> https://cgit.FreeBSD.org/src/commit/?id=a6ed8c9593031abf6fa73661be55c226caa362d6
>
> commit a6ed8c9593031abf6fa73661be55c226caa362d6
> Author:     Thomas Eberhardt <sneakywumpus@gmail.com>
> AuthorDate: 2023-11-16 09:59:38 +0000
> Commit:     Gordon Bergling <gbe@FreeBSD.org>
> CommitDate: 2023-11-16 09:59:38 +0000
>
>     Fix /root permissions after 'make installworld'
>
>     According to /etc/mtree/BSD.root.dist /root should have
>     0750 permissions, but the build target 'make installworld'
>     changes these to 0755.
>
>     This is caused by the installation of the configuration
>     files of sh(1) and csh(1).
>
>     Correct this by specifying the correct default /root permissions.
>
>     PR:     273342
>     Reviewed by:    jilles
>     Approved by:    jilles
>     MFC after:      2 weeks
>     Differential Revision:https://reviews.freebsd.org/D42395
> ---
>  bin/csh/Makefile | 1 +
>  bin/sh/Makefile  | 1 +
>  2 files changed, 2 insertions(+)
>
> diff --git a/bin/csh/Makefile b/bin/csh/Makefile
> index 1f996df3999b..94e1ba763d6e 100644
> --- a/bin/csh/Makefile
> +++ b/bin/csh/Makefile
> @@ -15,6 +15,7 @@ ROOTPACKAGE=	csh
>  ETC=	csh.cshrc csh.login csh.logout
>  ROOT=	dot.cshrc dot.login
>  ROOTDIR=	/root
> +ROOTDIR_MODE=	0750

This is at best a total workaround, the real bug is that root dir gets
modified to begin with and there will be other cases prone to cause
the same problem.

More importantly, is not this a regression from security pov?

-- 
Mateusz Guzik <mjguzik gmail.com>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGudoHF-7MUGi5OXqC%2B2WQm%2BE0NUeywCu=SR6tJMEtu-CqDO_A>