Date: Wed, 22 Aug 2001 01:46:59 +0200 From: Oliver Lehmann <lehmann@ans-netz.de> To: FreeBSD-gnats-submit@freebsd.org Subject: ports/29939: update port: sysutils/xcdroast Message-ID: <200108212346.BAA16883@speedy.netbeat.de>
next in thread | raw e-mail | index | archive | help
>Number: 29939
>Category: ports
>Synopsis: update port: sysutils/xcdroast
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Tue Aug 21 16:50:11 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Oliver Lehmann
>Release: FreeBSD 4.4-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD sina.sesamestreet.net 4.4-PRERELEASE FreeBSD 4.4-PRERELEASE #0: Sat Aug 11 04:09:45 CEST 2001 olivleh1@bert.sesamestreet.net:/usr/obj/usr/src/sys/SINA i386
>Description:
Change the default install to use it as root only. Because the non-root mode
isn't really secure
>How-To-Repeat:
>Fix:
diff -ruN xcdroast.old/Makefile xcdroast/Makefile
--- xcdroast.old/Makefile Wed Aug 22 00:58:42 2001
+++ xcdroast/Makefile Wed Aug 22 01:16:50 2001
@@ -34,16 +34,19 @@
done
post-install:
+ @${CAT} ${PKGMESSAGE}
+
+enable-nonroot:
/usr/sbin/pw groupadd -n cdwrite
-# for i in cdrecord cdda2wav mkisofs readcd; do \
-# ${CHOWN} root:cdwrite ${LOCALBASE}/bin/$$i ; \
-# ${CHMOD} 4710 ${LOCALBASE}/bin/$$i ; \
-# done
+ for i in cdrecord cdda2wav mkisofs readcd; do \
+ ${CHOWN} root:cdwrite ${LOCALBASE}/bin/$$i ; \
+ ${CHMOD} 4710 ${LOCALBASE}/bin/$$i ; \
+ done
-# ${CHOWN} root:cdwrite ${PREFIX}/lib/xcdroast-0.98/bin/xcdrwrap
-# ${CHMOD} 2755 ${PREFIX}/lib/xcdroast-0.98/bin/xcdrwrap
+ ${CHOWN} root:cdwrite ${PREFIX}/lib/xcdroast-0.98/bin/xcdrwrap
+ ${CHMOD} 2755 ${PREFIX}/lib/xcdroast-0.98/bin/xcdrwrap
@${ECHO} ""
@${ECHO} "***************************************************************"
@@ -52,4 +55,5 @@
@${ECHO} " this file, a normal user will get an error message."
@${ECHO} "***************************************************************"
@${ECHO} ""
+
.include <bsd.port.mk>
diff -ruN xcdroast.old/pkg-message xcdroast/pkg-message
--- xcdroast.old/pkg-message Thu Jan 1 01:00:00 1970
+++ xcdroast/pkg-message Wed Aug 22 01:40:22 2001
@@ -0,0 +1,20 @@
+
+***********************************************************
+ ATTENTION!
+
+You must be root to use xcdroast. To use it as normal user,
+type "make enable-nonroot". But beware! This is a security
+risk. It modifies the following files and give them the
+set-user-ID-on-execution bit.
+
+cdrecord(1)
+readcd(1)
+cdda2wav(1)
+mkisofs(8)
+
+All group members of "cdwrite" are able to run these files
+as root. Usually, these group has no members.
+Users added to this group may start these files as root
+
+***********************************************************
+
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200108212346.BAA16883>