Date: Thu, 13 May 2004 08:58:58 -0700 (PDT) 
From: Jeremy Chadwick
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: ports/66612: phpmyadmin port incompatible with suphp, insecure perms on default config
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: Jeremy Chadwick
List-Id: Ports bug reports
X-List-Received-Date: Thu, 13 May 2004 16:00:46 -0000

>Number: 66612
>Category: ports
>Synopsis: phpmyadmin port incompatible with suphp, insecure perms on default config
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Thu May 13 09:00:45 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator: Jeremy Chadwick
>Release: FreeBSD 4.10-PRERELEASE i386
>Organization: Parodius Networking
>Environment:
System: FreeBSD pentarou.parodius.com 4.10-PRERELEASE FreeBSD 4.10-PRERELEASE #0: Wed May 5 03:33:17 PDT 2004 root@pentarou.parodius.com:/usr/obj/usr/src/sys/PENTAROU i386

>Description:
By default, installing ports/databases/phpmyadmin results in the installation dirs/files being owned by root:wheel. This is a problem for those of us who rely on ports/www/suphp, where the files' owner:group needs to be something >= 80:80.

The included patch does a chown to the apache user/group after the installation has completed. The APACHE_USER and APACHE_GROUP tweaks are taken from ports/www/suphp so there's compatibility.

In addition, the patch also sets some secure permissions on the config.inc.php.sample file, so that administrators using it as a template note that the perms should be 640 (or 660). It SHOULD NOT be globally readable. The other files are fine.

Port maintainer has been CC'd in this send-pr.

>How-To-Repeat:
Install ports/www/php4-cgi and ports/www/suphp.
Then install ports/databases/phpmyadmin, and try to access the phpMyAdmin dir via a browser. You'll get an internal server error. For config.inc.php.sample, just look at the perms. >Fix: See attached diff/patch below. diff -ruN phpmyadmin.orig/Makefile phpmyadmin/Makefile --- phpmyadmin.orig/Makefile Sun Mar 28 10:34:39 2004 +++ phpmyadmin/Makefile Thu May 13 08:53:07 2004 @@ -7,6 +7,7 @@ PORTNAME= phpMyAdmin PORTVERSION= 2.5.6 +PORTREVISION= 1 CATEGORIES= databases www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= phpmyadmin @@ -18,12 +19,15 @@ USE_PHP= yes NO_BUILD= yes +APACHE_USER?= ${WWWOWN} +APACHE_GROUP?= ${WWWGRP} MYADMDIR?= www/data/phpMyAdmin PLIST_SUB+= MYADMDIR=${MYADMDIR} post-patch: @${MV} ${WRKSRC}/config.inc.php ${WRKSRC}/config.inc.php.sample + @${CHMOD} 640 ${WRKSRC}/config.inc.php.sample do-install: @${MKDIR} ${PREFIX}/${MYADMDIR} @@ -31,5 +35,6 @@ ${XARGS} -n1 ${SH} -c 'if ${TEST} -d $$0; \ then ${MKDIR} ${PREFIX}/${MYADMDIR}$${0#${WRKSRC}}; \ else ${INSTALL_DATA} $$0 ${PREFIX}/${MYADMDIR}$${0#${WRKSRC}}; fi' + @${CHOWN} -R ${APACHE_USER}:${APACHE_GROUP} ${PREFIX}/${MYADMDIR} .include >Release-Note: >Audit-Trail: >Unformatted:
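
Review bot: In the second Makefile hunk (@@ -18,12 +19,15 @@), the `@${CHMOD} 640 ${WRKSRC}/config.inc.php.sample` added under post-patch only changes the copy in the work directory, while do-install copies every regular file with `${INSTALL_DATA}`, which sets its own mode on the installed file, so the sample under `${PREFIX}/${MYADMDIR}` will not end up 640. Apply the mode to the installed path instead, for example `@${CHMOD} 640 ${PREFIX}/${MYADMDIR}/config.inc.php.sample` at the end of do-install, after the ownership change so the group that keeps read access is the final one. The same hunk defaults `APACHE_USER` and `APACHE_GROUP` to `${WWWOWN}` and `${WWWGRP}`, which are not set anywhere in the lines shown; a comment saying where they come from, or an explicit fallback, would make the defaults easier to verify.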
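
Review bot: In the third Makefile hunk (@@ -31,5 +35,6 @@), `@${CHOWN} -R ${APACHE_USER}:${APACHE_GROUP} ${PREFIX}/${MYADMDIR}` runs unconditionally, so every install, not only those running under suphp, ends up with the whole phpMyAdmin tree owned by the web server account. An owner can always change the mode of its own files, so any code running as that account could then rewrite the application's scripts and the config file, which installs that do not use suphp avoid today with root:wheel ownership. Consider gating the chown behind a knob that suphp users set, and documenting it next to the `APACHE_USER`/`APACHE_GROUP` definitions, so the default install keeps its current ownership.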