Date: Thu, 10 Jun 2010 22:41:10 GMT From: Serg <mail_of_sergey@mail.ru> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/147779: [patch] port www/sbox-dtc: quotes makes crazy UID value Message-ID: <201006102241.o5AMfA4h045447@www.freebsd.org> Resent-Message-ID: <201006102250.o5AMo1ff065224@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 147779
>Category: ports
>Synopsis: [patch] port www/sbox-dtc: quotes makes crazy UID value
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jun 10 22:50:01 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Serg
>Release: FreeBSD 8.0-RELEASE-p1 i386
>Organization:
>Environment:
FreeBSD acc.acc.tula.ru 8.0-RELEASE-p2 FreeBSD 8.0-RELEASE-p2 #2: Fri Mar 19 14:29:25 MSK 2010 root@acc.acc.tula.ru:/usr/obj/usr/src/sys/Z i386
>Description:
The quotes at -DUID_MIN and -DGID_MIN CFLAGS makes crazy UID value.
Example:
SBOX_UIDMIN?= 1000
SBOX_GIDMIN?= 1000
Try to run cgi-script:
the directory containing /home/export/web/fluffy/cgi-bin/test.cgi must not be owned by a UID less than 134523267
But minimal UID is 1000!
Ater removing the quotes at -DUID_MIN and -DGID_MIN CFLAGS the cgi-script was run.
>How-To-Repeat:
Just install sbox and try to use it.
>Fix:
Remove the quotes around -DUID_MIN and -DGID_MIN CFLAGS.
Patch attached with submission follows:
--- Makefile 2010-06-11 02:25:42.000000000 +0400
+++ Makefile~ 2010-04-19 22:55:38.000000000 +0400
@@ -20,8 +20,8 @@
CFLAGS+= -DWEB_USER='\"${WWWOWN}\"' \
-DWEB_GROUP='\"${WWWGRP}\"' \
- -DUID_MIN='${SBOX_UIDMIN}' \
- -DGID_MIN='${SBOX_GIDMIN}' \
+ -DUID_MIN='\"${SBOX_UIDMIN}\"' \
+ -DGID_MIN='\"${SBOX_GIDMIN}\"' \
-DSAFE_PATH='\"${SBOX_SAFEPATH}\"' \
-DLOG_FILE='\"${SBOX_LOGFILE}\"'
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201006102241.o5AMfA4h045447>