Date: Thu, 19 Feb 2004 09:50:14 +0100 From: Radim Kolar <hsn@netmag.cz> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/63066: portaudit: bad perm for database Message-ID: <E1Atjss-00011q-Oj@asura.bsd> Resent-Message-ID: <200402191430.i1JEUFxP038406@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 63066
>Category: ports
>Synopsis: portaudit: bad perm for database
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Feb 19 06:30:14 PST 2004
>Closed-Date:
>Last-Modified:
>Originator: Radim Kolar
>Release: FreeBSD 5.2-RELEASE-p2 i386
>Organization:
Sanatana Dharma
>Environment:
System: FreeBSD asura.bsd 5.2-RELEASE-p2 FreeBSD 5.2-RELEASE-p2 #2: Sun Feb 8 16:07:05 CET 2004 root@asura.bsd:/usr/src/sys/i386/compile/GENERIC i386
>Description:
Permissions for port audit database are bad:
asura# ll /var/db/portaudit/
total 2
-rw------- 1 root wheel 546 Feb 15 12:00 auditfile.tbz
asura#
Database needs to be a+r because port's makefile performs checking
while building port and port can be builded by non-privileged user
as well.
>How-To-Repeat:
run /usr/local/etc/periodic/daily/330.fetchaudit as root.
root umask is 022, i am not sure what umask has cron set.
>Fix:
diff -Naur /usr/ports/security/portaudit/files/fetchaudit.sh /tmp/portaudit/files/fetchaudit.sh
--- /usr/ports/security/portaudit/files/fetchaudit.sh Tue Jan 27 20:24:52 2004
+++ /tmp/portaudit/files/fetchaudit.sh Thu Feb 19 09:42:25 2004
@@ -67,6 +67,7 @@
rc=2
else
echo "done"
+ chmod a+r ${portaudit_file}
rc=1
fi
else
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1Atjss-00011q-Oj>