Date: Sun, 26 Nov 2023 19:26:33 +0100 From: Gordon Bergling <gbe@freebsd.org> To: Mateusz Guzik <mjguzik@gmail.com> Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: a6ed8c959303 - main - Fix /root permissions after 'make installworld' Message-ID: <ZWON2WUWTKMeasfX@bastion.ttyv0.de> In-Reply-To: <CAGudoHF-7MUGi5OXqC%2B2WQm%2BE0NUeywCu=SR6tJMEtu-CqDO_A@mail.gmail.com> References: <202311161000.3AGA0Cxc058517@gitrepo.freebsd.org> <CAGudoHF-7MUGi5OXqC%2B2WQm%2BE0NUeywCu=SR6tJMEtu-CqDO_A@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--PVoNsnnJuMct7nza Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi Mateusz, On Thu, Nov 16, 2023 at 02:21:53PM +0100, Mateusz Guzik wrote: > On 11/16/23, Gordon Bergling <gbe@freebsd.org> wrote: > > The branch main has been updated by gbe: > > > > URL: > > https://cgit.FreeBSD.org/src/commit/?id=3Da6ed8c9593031abf6fa73661be55c= 226caa362d6 > > > > commit a6ed8c9593031abf6fa73661be55c226caa362d6 > > Author: Thomas Eberhardt <sneakywumpus@gmail.com> > > AuthorDate: 2023-11-16 09:59:38 +0000 > > Commit: Gordon Bergling <gbe@FreeBSD.org> > > CommitDate: 2023-11-16 09:59:38 +0000 > > > > Fix /root permissions after 'make installworld' > > > > According to /etc/mtree/BSD.root.dist /root should have > > 0750 permissions, but the build target 'make installworld' > > changes these to 0755. > > > > This is caused by the installation of the configuration > > files of sh(1) and csh(1). > > > > Correct this by specifying the correct default /root permissions. > > > > PR: 273342 > > Reviewed by: jilles > > Approved by: jilles > > MFC after: 2 weeks > > Differential Revision:https://reviews.freebsd.org/D42395 > > --- > > bin/csh/Makefile | 1 + > > bin/sh/Makefile | 1 + > > 2 files changed, 2 insertions(+) > > > > diff --git a/bin/csh/Makefile b/bin/csh/Makefile > > index 1f996df3999b..94e1ba763d6e 100644 > > --- a/bin/csh/Makefile > > +++ b/bin/csh/Makefile > > @@ -15,6 +15,7 @@ ROOTPACKAGE=3D csh > > ETC=3D csh.cshrc csh.login csh.logout > > ROOT=3D dot.cshrc dot.login > > ROOTDIR=3D /root > > +ROOTDIR_MODE=3D 0750 >=20 > This is at best a total workaround, the real bug is that root dir gets > modified to begin with and there will be other cases prone to cause > the same problem. >=20 > More importantly, is not this a regression from security pov? I am unsure if this is a regression, but it fixed the problem about overrid= en permissions from 'make installworld'. I keep an eye on the PR and when I ha= ve time I'll try to come up with a better solution, but I am far from beeing an expert in the build framework. --Gordon --PVoNsnnJuMct7nza Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEYbWI0KY5X7yH/Fy4OQX2V8rP09wFAmVjjdEACgkQOQX2V8rP 09zA0QgAvNy1Bv7xCO5ozp+/2laO3zVhXoixnjjh8puaMs8DUrA3BzR4Z/lWLJ58 HL9S8EEXHwmcPdWYpRY8hdjJdYpIu5j9YsENGqesMvqngRiAnfNC+lngOYWZXp9Y 3OssaD5CIRNwK+y8L2YCGAqZOtciCJqXMOCkFtiKJLlX9lnkDbVmEms6r30uNzZd DacckGh6UZiX/OSlsrzw6FGyqOZ7hRTj7/rlUo8We++xNgZTCPTVRLi0X2bfqdrL kPZ2cmUXXTFmsBrePoHYfrv2nKXDkD2mIk281akS08x7Sco6PhSi9BLyYizkhSjw MB9eCmxyfIrRkcZeCm3nqlRS4BnMCw== =N7pr -----END PGP SIGNATURE----- --PVoNsnnJuMct7nza--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ZWON2WUWTKMeasfX>