From: sindrome
To: Bob Eager
Cc: FreeBSD Mailing List
Date: Mon, 27 May 2013 15:05:43 -0500
Subject: Re: Why does Samba requires 777 permissions on /tmp

Hi Bob,

I just went into /usr/local/etc/pkgtools.conf and changed the PKG_TMPDIR
variable to a non-world writable directory called /build and still see the
warnings below:

/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp/ in PATH, mode 041777
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:1170: warning: Insecure world writable dir /tmp/ in PATH, mode 041777
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgmisc.rb:108: warning: Insecure world writable dir /tmp/ in PATH, mode 041777
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp/ in PATH, mode 041777

On Mon, May 27, 2013 at 2:54 PM, Bob Eager wrote:

> Did you try changing PKG_TMPDIR as I suggested? (see below)
>
>
> On Mon, 27 May 2013 14:45:05 -0500
> sindrome wrote:
>
> > Hi Guys,
> >
> > I just got home from being out of town and the problem still persists
> > even after I removed . from my path.
> >
> > echo $PATH
> >
> > /bin:/usr/lib:/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/home/sindrome/.gnupg:/home/sindrome/bin:/home/sindrome/docs:/home/sindrome/docs/info:/home/sindrome/docs/config:/sbin:/bin:/etc:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:
> >
> > Here's what I get when I portupgrade an outdated port.
> >
> >
> > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning:
> > Insecure world writable dir /tmp/ in PATH, mode 041777
> > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:1170: warning:
> > Insecure world writable dir /tmp/ in PATH, mode 041777
> > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgmisc.rb:108: warning:
> > Insecure world writable dir /tmp/ in PATH, mode 041777
> > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning:
> > Insecure world writable dir /tmp/ in PATH, mode 041777
> >
> >
> >
> > On Mon, May 20, 2013 at 4:58 PM, Simon Wright
> > wrote:
> >
> > > On 20/05/2013 15:38, Bob Eager wrote:
> > >
> > >> On Mon, 20 May 2013 08:03:09 -0500
> > >> sindrome wrote:
> > >>
> > >> What I think is happening is that portupgrade is building and
> > >> running shell scripts in /tmp. It's running them with (in ruby):
> > >>
> > >> system('/tmp/script') [roughly]
> > >>
> > >> The ruby runtime is checking the *path-to-the-command* and THAT is
> > >> what it's complaining about.
> > >>
> > >> Try setting PKG_TMPDIR (in pkgtools.conf) to some suitable non
> > >> world writable temporary directory.
> > >>
> > >> I have an older ports tree on this machine or I'd try it myself. I
> > >> had to download the latest sources to check all this,
> > >>
> > >
> > > Trying to summarise what I've tested here with the results.
> > >
> > > My PKG_TMPDIR and TMPDIR are set to /var/tmp:
> > >
> > > pkgtools.conf:
> > >
> > > ENV['TMPDIR'] ||= '/var/tmp'
> > > ENV['PKG_TMPDIR'] ||= '/var/tmp'
> > > ENV['PORTSDIR'] ||= '/usr/ports'
> > > ENV['PACKAGES'] ||= ENV['PORTSDIR'] + '/packages'
> > >
> > > from /usr/local/etc/sudoers:
> > > # Uncomment if needed to preserve environmental variables related to the
> > > # FreeBSD pkg_* utilities and fetch.
> > > Defaults env_keep += "PKG_PATH PKG_DBDIR PKG_TMPDIR TMPDIR PACKAGEROOT PACKAGESITE PKGDIR FTP_PASSIVE_MODE"
> > >
> > > [simon@vmserver04 ~]$ ls -ld /var/tmp
> > > drwxrwxr-t 9 root wheel 33280 May 20 23:02 /var/tmp/
> > >
> > > Note: /var/tmp is not world writeable
> > >
> > > [simon@vmserver04 ~]$ echo $PATH
> > > /sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin:/usr/local/scripts:
> > >
> > > root@vmserver04:/root # echo $PATH
> > > /sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/root/bin
> > >
> > > I run portupgrade via sudo but both $PATH's show no /tmp or .
> > >
> > > [simon@vmserver04 ~]$ ruby -v
> > > ruby 1.8.7 (2012-10-12 patchlevel 371) [amd64-freebsd9]
> > >
> > > portupgrade-2.4.10.5_1,2 FreeBSD ports/packages administration and
> > > management tool s
> > >
> > > Other (not likely) relevant stuff:
> > > - I have /usr/ports mounted rw with NFS
> > > - I have the packages directory mounted rw with NFS and amd then
> > >   redefine $PACKAGES to point to the mount point
> > > This has been working for several years with no issues
> > >
> > > [simon@vmserver04 ~]$ sudo portupgrade -v portupgrade*
> > > ---> Reading default options: -v -D
> > > -l /var/tmp/portupgrade.results_ 20130520-22:56:25
> > > -L /var/tmp/portupgrade/%s::%s.log
> > > ---> Session started at: Mon, 20 May 2013 22:56:26 +0200
> > > ** None has been installed or upgraded.
> > > ---> Saving the results to '/var/tmp/portupgrade.results_20130520-22:56:25'
> > > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483:
> > > warning: Insecure world writable dir /tmp/ in PATH, mode 041777
> > >
> > > Still the complaint about /tmp/
> > >
> > > [simon@vmserver04 ~]$ sudo chmod 1775 /tmp
> > >
> > > [simon@vmserver04 ~]$ ls -ld /tmp
> > > drwxrwxr-t 9 root wheel 1024 May 20 23:16 /tmp/
> > >
> > > [simon@vmserver04 ~]$ sudo portupgrade -v portupgrade*
> > > ---> Reading default options: -v -D
> > > -l /var/tmp/portupgrade.results_ 20130520-23:16:07
> > > -L /var/tmp/portupgrade/%s::%s.log
> > > ---> Session started at: Mon, 20 May 2013 23:16:07 +0200
> > > ** None has been installed or upgraded.
> > > ---> Saving the results to '/var/tmp/portupgrade.results_20130520-23:16:07'
> > > ---> Session ended at: Mon, 20 May 2013 23:16:08 +0200 (consumed 00:00:00)
> > >
> > > No more complaint.
> > >
> > > I can't read the portupgrade code well enough to see what it's
> > > doing with the script, but if Bob is right that Ruby is running the
> > > portupgrade commands from /tmp then the error is within the checks
> > > in Ruby which is saying the 777 permission on /tmp is not
> > > acceptable, 775 *is* acceptable. Which is strange since surely then
> > > everyone with 777 permissions on /tmp would be seeing this message?
> > > Does this get us any further?
> > >
> > > Thanks for all the input, it is appreciated.
> > >
> > > Cheers
> > >
> > > Simon.
> > >
> > > _______________________________________________
> > > freebsd-ports@freebsd.org mailing list
> > > http://lists.freebsd.org/mailman/listinfo/freebsd-ports
> > > To unsubscribe, send any mail to
> > > "freebsd-ports-unsubscribe@freebsd.org"
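
A diagnostic for the warning discussed in this thread, added here as an example and not part of any poster's message or of portupgrade or Ruby: it lists every directory in a PATH value, and every parent of one, whose mode has the world-writable bit set, printing the mode in the same octal form as the warning (041777 is the directory type 040000 plus permissions 1777). It approximates the condition the thread observed (1777 warns, 1775 does not) and is not Ruby's internal check; the function names and scratch directory names are assumptions.

```ruby
require 'tmpdir'

S_IWOTH = 0002 # permission bit: "others may write"

# Return [directory, mode] pairs for every directory named in path_value, or
# any parent of one, that is world-writable. The mode is formatted as in the
# warning: the whole st_mode in octal, file-type bits included.
def world_writable_path_dirs(path_value)
  findings = []
  path_value.split(File::PATH_SEPARATOR).each do |entry|
    next if entry.empty? # empty entry means the current directory; skipped here
    dir = File.expand_path(entry)
    loop do
      begin
        st = File.stat(dir)
        findings << [dir, format('0%o', st.mode)] if st.directory? && (st.mode & S_IWOTH) != 0
      rescue SystemCallError # missing or unreadable component: nothing to report
      end
      parent = File.dirname(dir)
      break if parent == dir # reached the filesystem root
      dir = parent
    end
  end
  findings.uniq
end

# Constructed sample: two scratch directories with the two modes tried in the
# thread (1777 and 1775). Parents outside the scratch area are filtered out.
def demo_findings
  Dir.mktmpdir('pathcheck') do |root|
    open_dir = File.join(root, 'mode1777')
    closed_dir = File.join(root, 'mode1775')
    [[open_dir, 01777], [closed_dir, 01775]].each do |dir, mode|
      Dir.mkdir(dir)
      File.chmod(mode, dir)
    end
    sample_path = [open_dir, closed_dir].join(File::PATH_SEPARATOR)
    world_writable_path_dirs(sample_path)
      .select { |dir, _| dir.start_with?(root + File::SEPARATOR) }
      .map { |dir, mode| [File.basename(dir), mode] }
  end
end

if __FILE__ == $PROGRAM_NAME
  world_writable_path_dirs(ENV.fetch('PATH', '')).each do |dir, mode|
    puts "world-writable dir #{dir} reachable from PATH, mode #{mode}"
  end
end
```

Run as the same user and with the same environment that portupgrade gets (for example through sudo), since the PATH that user sees may differ from the interactive one.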