From owner-freebsd-ports  Tue Aug 21 16:50:45 2001
Delivered-To: freebsd-ports@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 7861937B40E
	for <freebsd-ports@hub.freebsd.org>; Tue, 21 Aug 2001 16:50:11 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.4/8.11.4) id f7LNoB551127;
	Tue, 21 Aug 2001 16:50:11 -0700 (PDT)
	(envelope-from gnats)
Received: from speedy.netbeat.de (speedy.netbeat.de [212.6.214.36])
	by hub.freebsd.org (Postfix) with ESMTP id 218F237B419
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 21 Aug 2001 16:47:00 -0700 (PDT)
	(envelope-from wwwrun@speedy.netbeat.de)
Received: (from wwwrun@localhost)
	by speedy.netbeat.de (8.9.3/8.9.3) id BAA16883;
	Wed, 22 Aug 2001 01:46:59 +0200
Message-Id: <200108212346.BAA16883@speedy.netbeat.de>
Date: Wed, 22 Aug 2001 01:46:59 +0200
From: Oliver Lehmann <lehmann@ans-netz.de>
Reply-To: Oliver Lehmann <lehmann@ans-netz.de>
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: ports/29939: update port: sysutils/xcdroast
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-ports.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-ports>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-ports>
X-Loop: FreeBSD.org


>Number:         29939
>Category:       ports
>Synopsis:       update port: sysutils/xcdroast
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 21 16:50:11 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Oliver Lehmann
>Release:        FreeBSD 4.4-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD sina.sesamestreet.net 4.4-PRERELEASE FreeBSD 4.4-PRERELEASE #0: Sat Aug 11 04:09:45 CEST 2001 olivleh1@bert.sesamestreet.net:/usr/obj/usr/src/sys/SINA i386


	
>Description:

	Change the default install to use it as root only. Because the non-root mode
	isn't really secure

>How-To-Repeat:
>Fix:

diff -ruN xcdroast.old/Makefile xcdroast/Makefile
--- xcdroast.old/Makefile	Wed Aug 22 00:58:42 2001
+++ xcdroast/Makefile	Wed Aug 22 01:16:50 2001
@@ -34,16 +34,19 @@
 	done
 
 post-install:
+	@${CAT} ${PKGMESSAGE}
+
+enable-nonroot:
 
 	/usr/sbin/pw groupadd -n cdwrite
 
-#	for i in cdrecord cdda2wav mkisofs readcd; do \
-#	    ${CHOWN} root:cdwrite ${LOCALBASE}/bin/$$i ; \
-#	    ${CHMOD} 4710 ${LOCALBASE}/bin/$$i ; \
-#	done
+	for i in cdrecord cdda2wav mkisofs readcd; do \
+	    ${CHOWN} root:cdwrite ${LOCALBASE}/bin/$$i ; \
+	    ${CHMOD} 4710 ${LOCALBASE}/bin/$$i ; \
+	done
 
-#	${CHOWN} root:cdwrite ${PREFIX}/lib/xcdroast-0.98/bin/xcdrwrap
-#	${CHMOD} 2755 ${PREFIX}/lib/xcdroast-0.98/bin/xcdrwrap
+	${CHOWN} root:cdwrite ${PREFIX}/lib/xcdroast-0.98/bin/xcdrwrap
+	${CHMOD} 2755 ${PREFIX}/lib/xcdroast-0.98/bin/xcdrwrap
 
 	@${ECHO} ""
 	@${ECHO} "***************************************************************"
@@ -52,4 +55,5 @@
 	@${ECHO} " this file, a normal user will get an error message."
 	@${ECHO} "***************************************************************"
 	@${ECHO} ""
+
 .include <bsd.port.mk>
diff -ruN xcdroast.old/pkg-message xcdroast/pkg-message
--- xcdroast.old/pkg-message	Thu Jan  1 01:00:00 1970
+++ xcdroast/pkg-message	Wed Aug 22 01:40:22 2001
@@ -0,0 +1,20 @@
+
+***********************************************************
+                      ATTENTION!
+
+You must be root to use xcdroast. To use it as normal user,
+type "make enable-nonroot". But beware! This is a security
+risk. It modifies the following files and give them the
+set-user-ID-on-execution bit.
+
+cdrecord(1)
+readcd(1)
+cdda2wav(1)
+mkisofs(8)
+
+All group members of "cdwrite" are able to run these files
+as root. Usually, these group has no members.
+Users added to this group may start these files as root
+
+***********************************************************
+
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message