Date: Thu, 24 Aug 2006 11:25:59 +0200 (CEST)
From: Henrik Brix Andersen <henrik@brixandersen.dk>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: drift@pil.dk, secteam@FreeBSD.org
Subject: ports/102473: [patch] portaudit fails to overwrite auditfile.tbz when run as non-root
Message-ID: <20060824092559.AA0DE2E022@fangorn.brixandersen.dk>
Resent-Message-ID: <200608240930.k7O9UFvx038999@freefall.freebsd.org>
>Number: 102473
>Category: ports
>Synopsis: [patch] portaudit fails to overwrite auditfile.tbz when run as non-root
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Aug 24 09:30:15 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Henrik Brix Andersen
>Release: FreeBSD 6.1-STABLE i386
>Organization: pil.dk
>Environment:
System: FreeBSD fangorn.brixandersen.dk 6.1-STABLE FreeBSD 6.1-STABLE #8: Sat Aug 19 12:14:49 CEST 2006 root@fangorn.brixandersen.dk:/usr/obj/usr/src/sys/GENERIC i386
>Description:
security/portaudit fails to overwrite the auditfile.tbz file when run as a non-root user since it sets a=r on the file once downloaded. The patch below solves this by mv'ing the file before attempting a new download instead of cp'ing it.
>How-To-Repeat:
Set $portaudit_dir in /usr/local/etc/portaudit.conf to a location writable by a non-root user and run 'portaudit -F' as that user. Notice that on the second run of 'portaudit -F' it fails to overwrite the auditfile.tbz.
>Fix:
Proposed patch:
--- portaudit-cmd.sh.patch begins here --- --- portaudit-cmd.sh.orig Thu Aug 24 10:19:31 2006 +++ portaudit-cmd.sh Thu Aug 24 10:19:39 2006 @@ -300,7 +300,7 @@ fi cd "$portaudit_dir" if [ -r "$portaudit_filename" ]; then - cp -f "$portaudit_filename" "$portaudit_filename.old" + mv -f "$portaudit_filename" "$portaudit_filename.old" fi $opt_verbose && echo "Attempting to fetch from $portaudit_sites." --- portaudit-cmd.sh.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
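Review bot: With `mv -f` replacing `cp -f` inside the `if [ -r "$portaudit_filename" ]` branch, the database no longer exists under its normal name from this point until the fetch that follows succeeds, and nothing in the visible context puts it back. If the download announced by the "Attempting to fetch" line fails, the next audit would find no auditfile.tbz, whereas the old `cp` left the previous copy in place. Suggest restoring on failure, for example `mv -f "$portaudit_filename.old" "$portaudit_filename"` when the fetch returns non-zero, or keeping the `cp` and removing the read-only target only immediately before the new file is written.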