Date: Fri, 11 Jan 2002 14:17:54 -0800 (PST)
From: Lyndon Nerenberg <lyndon@atg.aciworldwide.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/33795: [PATCH] quakeserver questionable file ownerships
Message-ID: <200201112217.g0BMHs965888@freefall.freebsd.org>

>Number:         33795
>Category:       ports
>Synopsis:       [PATCH] quakeserver questionable file ownerships
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 11 14:20:02 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Lyndon Nerenberg
>Release:        4.5-RC1
>Organization:
>Environment:
Tested against 4.5-RC1 and -CURRENT, both on i386.
>Description:
/usr/ports/games/quakeserver-1.0 is set up to run the server as
'nobody' at boot time, presumably to avoid running as a user with
write access to anything. However, the port installs its files
as the user nobody, bypassing any possible protection from running
as the nobody user.
>How-To-Repeat:
Install the port, then cd into /usr/local/quakeserver and 'ls -ld' and 'ls -l'.
>Fix:
I have patched the port to 1) Install with default root:wheel
ownerships where possible, 2) use group membership to provide write
access to the few things that need it, and 3) create a specific
runtime user and group for the server. Patches are available at

ftp://atg.aciworldwide.com/lyndon/freebsd/ports/quakeserver-runtimeuser.patch
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
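
The manual 'ls -ld' / 'ls -l' check in the report can be scripted so it covers the whole install tree. The following is an added example, not part of the report, the port, or the linked patch; the function name `audit_tree` and its output format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list every path under an install tree that the daemon's
# runtime account could modify. Not taken from the quakeserver port.
#
# audit_tree DIR USER [GROUP]
#   Prints "<reason> <path>" per finding and returns 1 if any were found:
#     owner  path is owned by USER (name or numeric uid)
#     group  path belongs to GROUP and is group-writable
#     world  path is writable by everyone
#   Returns 0 when the tree is clean, 2 when DIR is not a directory.
#
# Usage with the values from the report:
#   audit_tree /usr/local/quakeserver nobody
audit_tree() {
    dir=$1 user=$2 group=${3:-}
    if [ ! -d "$dir" ]; then
        echo "audit_tree: $dir: not a directory" >&2
        return 2
    fi
    findings=$(
        {
            # Symlinks are skipped: their own mode bits are not what
            # decides whether the target can be written.
            find "$dir" ! -type l -user "$user" -print | sed 's/^/owner /'
            if [ -n "$group" ]; then
                find "$dir" ! -type l -group "$group" -perm -020 -print |
                    sed 's/^/group /'
            fi
            find "$dir" ! -type l -perm -002 -print | sed 's/^/world /'
        } | sort -u
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

After a fix along the lines the report describes, passing the dedicated runtime group as the third argument should leave only the few paths that are meant to be writable in the output.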