From owner-freebsd-security@FreeBSD.ORG Thu Mar 19 12:16:18 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CA6D2106564A for ; Thu, 19 Mar 2009 12:16:18 +0000 (UTC) (envelope-from keramida@ceid.upatras.gr) Received: from poseidon.ceid.upatras.gr (poseidon.ceid.upatras.gr [150.140.141.169]) by mx1.freebsd.org (Postfix) with ESMTP id 402FA8FC08 for ; Thu, 19 Mar 2009 12:16:18 +0000 (UTC) (envelope-from keramida@ceid.upatras.gr) Received: from mail.ceid.upatras.gr (unknown [10.1.0.143]) by poseidon.ceid.upatras.gr (Postfix) with ESMTP id 4D2A0EB55D3; Thu, 19 Mar 2009 14:16:17 +0200 (EET) Received: from localhost (europa.ceid.upatras.gr [127.0.0.1]) by mail.ceid.upatras.gr (Postfix) with ESMTP id 37D7045088; Thu, 19 Mar 2009 14:16:17 +0200 (EET) X-Virus-Scanned: amavisd-new at ceid.upatras.gr Received: from mail.ceid.upatras.gr ([127.0.0.1]) by localhost (europa.ceid.upatras.gr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RR8C5cSs4K7c; Thu, 19 Mar 2009 14:16:17 +0200 (EET) Received: from kobe.laptop (adsl126-96.kln.forthnet.gr [77.49.245.96]) by mail.ceid.upatras.gr (Postfix) with ESMTP id D28EB4503F; Thu, 19 Mar 2009 14:16:16 +0200 (EET) Received: from kobe.laptop (kobe.laptop [127.0.0.1]) by kobe.laptop (8.14.3/8.14.3) with ESMTP id n2JCGGT4030673; Thu, 19 Mar 2009 14:16:16 +0200 (EET) (envelope-from keramida@ceid.upatras.gr) Received: (from keramida@localhost) by kobe.laptop (8.14.3/8.14.3/Submit) id n2JCGFLx030670; Thu, 19 Mar 2009 14:16:15 +0200 (EET) (envelope-from keramida@ceid.upatras.gr) From: Giorgos Keramidas To: Nikos Ntarmos References: <200903062256.n26MuA2r085728@pc.jgr.de> <87ljr61t3v.fsf@kobe.laptop> <20090319102606.GA27912@ace.cs.uoi.gr> Date: Thu, 19 Mar 2009 14:16:04 +0200 In-Reply-To: <20090319102606.GA27912@ace.cs.uoi.gr> (Nikos Ntarmos's message of "Thu, 19 Mar 2009 12:26:06 +0200") Message-ID: <87eiwtwvwb.fsf@kobe.laptop> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.91 (berkeley-unix) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature" Cc: freebsd-security@freebsd.org Subject: Re: emacs installs a lot of 777 directories X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2009 12:16:19 -0000 --=-=-= On Thu, 19 Mar 2009 12:26:06 +0200, Nikos Ntarmos wrote: >On Sun, Mar 15, 2009 at 09:30:44PM +0200, Giorgos Keramidas wrote: >>On Fri, 6 Mar 2009 23:56:10 +0100 (CET), freebsd001@pc.jgr.de wrote: >>> Dear list members, >>> >>> I am not only wondering about the permissions of several emacs-related >>> directories as it has recently been mentioned in this thread, but also >>> about the ownership of several emacs-related files. >> >> This seems to be a local installation glitch. >> >>>>find . -not -user root | head -n 3 >>> ./emacs/22.3/etc >>> ./emacs/22.3/etc/GNUS-NEWS >>> ./emacs/22.3/etc/fr-drdref.ps >>> >>>>find . -not -user root | wc -l >>> 2643 > > That's probably due to the fact that emacs uses something along the > lines of 'tar -chf - ... | tar -xvf - ...' to copy the files, followed > (in some cases) by a chown to $LOGNAME (or if that is not set, to > $USERNAME). If you just 'su', LOGNAME remains set to what it was > before (i.e. nutzer), while 'su -' will clear that out. Yep, that's exactly what the Emacs build glue does. One of the directories mentioned in the permission listings of the thread includes `leim/'. The source of `emacs/leim/Makefile.in' installs files with tar and chown: 240 tar -chf - quail/* ja-dic \ 241 | (cd ${INSTALLDIR}; umask 0; tar -xvf - && cat > /dev/null) ;\ ... 264 find ${INSTALLDIR} -exec chown $${installuser} '{}' ';' There are probably better ways to install a configurable list of files, i.e. by using a `manifest' of some sort and piping the list through xargs to ${INSTALLDIR} and ${INSTALLDATA} macros. This would require extensive changes to the vendor source though. It may be worth the effort if someone is interested to hack Emacs sources, so anyone interested in this sort of change to the GNU sources of Emacs should try taking this up with the `emacs-devel' mailing list. That's the right place to discuss potential improvements to Emacs sources, so that all the other platforms where Emacs works can benefit too :-) Having said that, fixing the makefiles of Emacs won't really solve the potential problems of *all* ports when plain `su' is used to install ports. So while it it a good idea for someone who wants to start hacking Emacs code, the general rule of "install only with `su -'" still applies for every other port in our tree. --=-=-= Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (FreeBSD) iEYEARECAAYFAknCN48ACgkQ1g+UGjGGA7YSygCgjy5BqZZmsuMgJMKXfCDU+ZtU 4TYAnjdWcFPgWQYUUmNh1SYZabM4E81k =ETeL -----END PGP SIGNATURE----- --=-=-=--