Date: Tue, 23 Aug 2005 18:16:14 +0400 (MSD)
From: Dmitry Morozovsky <marck@FreeBSD.org>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: portmgr@FreeBSD.org
Subject: ports/85247: [SECURITY] www/oops oops user creation possible problem
Message-ID: <200508231416.j7NEGETB095053@woozle.rinet.ru>
Resent-Message-ID: <200508231420.j7NEK8xN045424@freefall.freebsd.org>
>Number: 85247
>Category: ports
>Synopsis: [SECURITY] www/oops oops user creation possible problem
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Tue Aug 23 14:20:07 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Dmitry Morozovsky
>Release: FreeBSD {4,5}-STABLE i386
>Organization: Cronyx Plus LLC (RiNet ISP)
>Environment:
System: FreeBSD {4,5}-STABLE
>Description:
It has been somehow overlooked that the oops pseudo-user created by the install script has a default group of 0. Having in mind that many systems now have sudo(8) installed and, moreover, most known sudo configurations use group wheel (0) as privileged. So, I've decided to change the default group to nogroup. As this fault may have security impacts, I'd like to see this patch committed before 6.0-R.
>How-To-Repeat:
>Fix:
Index: Makefile =================================================================== RCS file: /home/ncvs/ports/www/oops/Makefile,v retrieving revision 1.37 diff -u -r1.37 Makefile --- Makefile 30 May 2005 21:20:39 -0000 1.37 +++ Makefile 23 Aug 2005 13:44:03 -0000 @@ -7,7 +7,7 @@ PORTNAME= oops PORTVERSION= ${OOPSVERSION} -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= www MASTER_SITES= http://oops-cache.org/ DISTNAME= ${PORTNAME}-${OOPSVERSION} Index: pkg-install =================================================================== RCS file: /home/ncvs/ports/www/oops/pkg-install,v retrieving revision 1.4 diff -u -r1.4 pkg-install --- pkg-install 5 Feb 2005 18:33:40 -0000 1.4 +++ pkg-install 23 Aug 2005 13:44:03 -0000 @@ -1,7 +1,7 @@ #!/bin/sh user=oops -group=wheel +group=nogroup ask() { local question default answer
>Release-Note:
>Audit-Trail:
>Unformatted:
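Review bot: In the pkg-install hunk, replacing `group=wheel` with `group=nogroup` only changes the default used for accounts the script creates from now on; nothing in the visible lines touches an oops user that an earlier revision already created with primary group 0, so an upgraded host may keep the wheel membership this PR sets out to remove. Consider having the script detect an existing oops account whose gid is 0 and either move it (for example with `pw usermod oops -g nogroup`) or print a notice telling the administrator to do so. A dedicated oops group instead of the shared nogroup would also keep the cache's files apart from those of other unprivileged daemons.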