Date: Fri, 20 Feb 2004 16:34:02 +1100 (EST)
From: Andrew <andrew@ugh.net.au>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/63112: bsd.port.mk warns that symlinks are world writeable
Message-ID: <200402200534.i1K5Y2pk068030@freebsd.syd.ntt.net.au>
Resent-Message-ID: <200402200540.i1K5eEFY038544@freefall.freebsd.org>
>Number: 63112
>Category: ports
>Synopsis: bsd.port.mk warns that symlinks are world writeable
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Thu Feb 19 21:40:13 PST 2004
>Closed-Date:
>Last-Modified:
>Originator: Andrew
>Release: FreeBSD 4.8-RELEASE-p4 i386
>Organization: UgH!
>Environment:
System: FreeBSD freebsd.syd.ntt.net.au 4.8-RELEASE-p18 FreeBSD 4.8-RELEASE-p18 #0: Wed Sep 10 18:31:36 EST 2003 andrews@freebsd.syd.ntt.net.au:/usr/obj/usr/src/sys/FREEBSD i386
>Description:
When installing a port that installs a symbolic link (such as lang/ruby16) a warning is printed about these links in the world writeable section of the security report. I'm not sure this is correct behaviour as that writeable bit doesn't really mean that for symlinks (actually what do the permissions on a symlink mean?).
>How-To-Repeat:
>Fix:
The below patch just excludes symlinks from the report.

--- bsd.port.mk.orig Fri Feb 20 16:00:23 2004 +++ bsd.port.mk Fri Feb 20 16:12:24 2004 @@ -3642,7 +3642,7 @@ ${TR} '\n' '\0' < ${WRKDIR}/.PLIST.flattened \ | ${XARGS} -0 -J % ${FIND} % -prune ! -type l -type f \( -perm -4000 -o -perm -2000 \) \( -perm -0010 -o -perm -0001 \) 2> /dev/null > ${WRKDIR}/.PLIST.setuid; \ ${TR} '\n' '\0' < ${WRKDIR}/.PLIST.flattened \ - | ${XARGS} -0 -J % ${FIND} % -prune -perm -0002 2> /dev/null > ${WRKDIR}/.PLIST.writable; \ + | ${XARGS} -0 -J % ${FIND} % -prune -perm -0002 \! -type l 2> /dev/null > ${WRKDIR}/.PLIST.writable; \ ${TR} '\n' '\0' < ${WRKDIR}/.PLIST.flattened \ | ${XARGS} -0 -J % ${FIND} % -prune ! -type l -type f -print0 2> /dev/null \ | ${XARGS} -0 -n 1 /usr/bin/objdump -R 2> /dev/null > ${WRKDIR}/.PLIST.objdump; \ 
@@ -3705,7 +3705,7 @@ fi; \ fi; \ if [ ! -L "${PREFIX}/$$i" ]; then \ - if [ -n "`${FIND} ${PREFIX}/$$i -prune -perm -0002 2>/dev/null`" ]; then \ + if [ -n "`${FIND} ${PREFIX}/$$i -prune -perm -0002 \! -type l 2>/dev/null`" ]; then \ ${ECHO_CMD} ${PREFIX}/$$i >> ${WRKDIR}/.PLIST.writable; \ fi; \ fi; \ >Release-Note: >Audit-Trail: >Unformatted:
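Review bot: In the first hunk (@@ -3642,7 +3642,7 @@), the `+` line that writes `.PLIST.writable` spells the new test `\! -type l` and places it after `-perm -0002`, while the unchanged `.PLIST.setuid` and objdump pipelines in the same hunk write `! -type l` unescaped and put it directly after `-prune`. Writing it as `-prune ! -type l -perm -0002` would keep the three pipelines consistent. A short comment saying why links are skipped would also help, since the report itself leaves open what a symlink's permission bits mean.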
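Review bot: In the second hunk (@@ -3705,7 +3705,7 @@), the changed `find` line already sits inside `if [ ! -L "${PREFIX}/$$i" ]; then`, so `${PREFIX}/$$i` cannot be a symlink when it runs and the added `\! -type l` never changes the result. Either drop this hunk, or, if both guards are wanted, say so in a comment so a later reader does not remove the `-L` test on the assumption that `find` covers it.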
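A reproduction of the reported false positive, added here as an example (it is not part of the PR or of bsd.port.mk): it runs the `find` test from the patch, before and after the change, over a constructed scratch tree. The file names and function names are made up for the example, and the `umask 000` step assumes BSD-style link modes that follow the umask.

```sh
#!/bin/sh
# Added example: constructed scratch tree, not taken from a real port.

# Create a 0644 file, a 0666 file and a symlink; print the directory name.
make_tree() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        umask 022
        : > ruby16                 # regular file, mode 0644
        : > scratch
        chmod 0666 scratch         # regular file that really is world-writable
        # Assumption: BSD derives a link's mode from the umask (Linux always
        # reports 0777), so clear the umask to get an o+w link on both.
        umask 000
        ln -s ruby16 ruby
    ) || return 1
    printf '%s\n' "$dir"
}

# Test used for .PLIST.writable before the patch.
scan_old() {
    ( cd "$1" && find ruby ruby16 scratch -prune -perm -0002 2>/dev/null | paste -s -d ' ' - )
}

# Same test with the patch's symlink exclusion.
scan_new() {
    ( cd "$1" && find ruby ruby16 scratch -prune -perm -0002 \! -type l 2>/dev/null | paste -s -d ' ' - )
}

# With -L, find examines the link's target instead of the link itself.
scan_target() {
    ( cd "$1" && find -L ruby -prune -perm -0002 2>/dev/null | paste -s -d ' ' - )
}

d=$(make_tree) || exit 1
echo "old check: $(scan_old "$d")"
echo "new check: $(scan_new "$d")"
echo "link target o+w: $(scan_target "$d")"
rm -rf "$d"
```

The old check lists the link alongside the genuinely world-writable file, the new check lists only the file, and the `-L` scan shows that the link's 0644 target carries no world-write bit.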