Date: Wed, 22 Aug 2001 01:46:59 +0200 From: Oliver Lehmann <lehmann@ans-netz.de> To: FreeBSD-gnats-submit@freebsd.org Subject: ports/29939: update port: sysutils/xcdroast Message-ID: <200108212346.BAA16883@speedy.netbeat.de>
next in thread | raw e-mail | index | archive | help
>Number: 29939 >Category: ports >Synopsis: update port: sysutils/xcdroast >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Tue Aug 21 16:50:11 PDT 2001 >Closed-Date: >Last-Modified: >Originator: Oliver Lehmann >Release: FreeBSD 4.4-PRERELEASE i386 >Organization: >Environment: System: FreeBSD sina.sesamestreet.net 4.4-PRERELEASE FreeBSD 4.4-PRERELEASE #0: Sat Aug 11 04:09:45 CEST 2001 olivleh1@bert.sesamestreet.net:/usr/obj/usr/src/sys/SINA i386 >Description: Change the default install to use it as root only. Because the non-root mode isn't really secure >How-To-Repeat: >Fix: diff -ruN xcdroast.old/Makefile xcdroast/Makefile --- xcdroast.old/Makefile Wed Aug 22 00:58:42 2001 +++ xcdroast/Makefile Wed Aug 22 01:16:50 2001 @@ -34,16 +34,19 @@ done post-install: + @${CAT} ${PKGMESSAGE} + +enable-nonroot: /usr/sbin/pw groupadd -n cdwrite -# for i in cdrecord cdda2wav mkisofs readcd; do \ -# ${CHOWN} root:cdwrite ${LOCALBASE}/bin/$$i ; \ -# ${CHMOD} 4710 ${LOCALBASE}/bin/$$i ; \ -# done + for i in cdrecord cdda2wav mkisofs readcd; do \ + ${CHOWN} root:cdwrite ${LOCALBASE}/bin/$$i ; \ + ${CHMOD} 4710 ${LOCALBASE}/bin/$$i ; \ + done -# ${CHOWN} root:cdwrite ${PREFIX}/lib/xcdroast-0.98/bin/xcdrwrap -# ${CHMOD} 2755 ${PREFIX}/lib/xcdroast-0.98/bin/xcdrwrap + ${CHOWN} root:cdwrite ${PREFIX}/lib/xcdroast-0.98/bin/xcdrwrap + ${CHMOD} 2755 ${PREFIX}/lib/xcdroast-0.98/bin/xcdrwrap @${ECHO} "" @${ECHO} "***************************************************************" @@ -52,4 +55,5 @@ @${ECHO} " this file, a normal user will get an error message." @${ECHO} "***************************************************************" @${ECHO} "" + .include <bsd.port.mk> diff -ruN xcdroast.old/pkg-message xcdroast/pkg-message --- xcdroast.old/pkg-message Thu Jan 1 01:00:00 1970 +++ xcdroast/pkg-message Wed Aug 22 01:40:22 2001 @@ -0,0 +1,20 @@ + +*********************************************************** + ATTENTION! + +You must be root to use xcdroast. To use it as normal user, +type "make enable-nonroot". But beware! This is a security +risk. It modifies the following files and give them the +set-user-ID-on-execution bit. + +cdrecord(1) +readcd(1) +cdda2wav(1) +mkisofs(8) + +All group members of "cdwrite" are able to run these files +as root. Usually, these group has no members. +Users added to this group may start these files as root + +*********************************************************** + >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200108212346.BAA16883>