Skip site navigation (1)Skip section navigation (2)
Date:        Thu, 29 Jul 1999 16:14:57 +0200
From:      Slawek Zak <zaks@prioris.im.pw.edu.pl>
To:        freebsd-ports@freebsd.org
Cc:        freebsd-security@freebsd.org
Subject:   Extracted files' permissions
Message-ID:  <19990729161457.A727@prioris.im.pw.edu.pl>

next in thread | raw e-mail | index | archive | help
When I lately extracted some packages, I have noticed that owners of
the files and directories are random (try make extract lang/lua or
lang/erlang) These UIDs may or may not exist on your system. If they
do, the files can be easily overwritten by malicious user and lead to
compromise of the system. 

So my question is if it should be treated as bug, and reported to the
packager, or maybe there should be an additional step in extracting
these files, in which the owner would be changed to 0:0. 

Of course the easiest solution would be chmod og= /usr/ports :)

-- 
* Suavek Zak
* email: zaks@im.pw.edu.pl   voice: +48 (0) 22 674 66 79
* PGP v2.3: 2048/9A7CBF71,   finger://zaks@prioris.im.pw.edu.pl


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990729161457.A727>