Date: Tue, 2 Mar 2021 13:58:12 -0500 From: Nathan Whitehorn <nwhitehorn@freebsd.org> To: rgrimes@FreeBSD.org, Brandon Bergren <bdragon@FreeBSD.org> Cc: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: Re: git: 2c26d77d989a - main - Remove /boot/efi from mtree, missed in 0b7472b3d8d2. Message-ID: <3d947e4c-a529-0b27-a8d7-415600783e53@freebsd.org> In-Reply-To: <202103021856.122IuYgV048086@gndrsh.dnsmgr.net> References: <202103021856.122IuYgV048086@gndrsh.dnsmgr.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 3/2/21 1:56 PM, Rodney W. Grimes wrote: >> >> On Tue, Mar 2, 2021, at 12:26 PM, Rodney W. Grimes wrote: >>> This fails to apply the proper owner/group and mode values >>> using what ever defaults are in place of the process running >>> the build. >> Keep in mind that this is the root of a mounted filesystem in the case where it matters, and the filesystem being mounted there doesn't support proper modes anyway, so the mtree values are a bit irrelevant anyway as the actual control of that is in the fstab. > That assumes the mount is done and/or kept. My concern is more > of a lack security (aka world writable) /boot/efi getting created > in a distribution that then is *not* mounted for some reason, > either by choice or error. > > mkdir should be stricken from use when possible, install -d > should be used instead. > But that can't happen in this code. For one thing, it's only used in a controlled environment to generate SD-card images for a handful of ARM boards. For another the mount is set up and installed in fstab a couple lines further down the same script. -Nathan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3d947e4c-a529-0b27-a8d7-415600783e53>