Date:      Fri, 22 Apr 2005 16:06:22 +0200
From:      "Simon L. Nielsen" <simon@FreeBSD.org>
To:        Jon Noack <noackjr@alumni.rice.edu>
Cc:        ports@freebsd.org
Subject:   Re: portupgrade regression?
Message-ID:  <20050422140619.GA785@zaphod.nitro.dk>
In-Reply-To: <42689D49.4050908@alumni.rice.edu>
References:  <42689D49.4050908@alumni.rice.edu>



On 2005.04.22 01:44:25 -0500, Jon Noack wrote:
> Ever since the security fix for CAN-2005-0610, portupgrade and company
> have been behaving oddly for me.  The root cause of this seems to be
> that the pkgdb is being updated needlessly with every operation:

After the patch pkgdb.fixme is created in /var/db/pkg, which causes
the portupgrade package database update check to always fail.

> One side effect is that it is no longer possible to run portversion as a
> normal user:
>
> [noackjr:~] $ portversion -v | grep -v "="
> The pkgdb must be updated.  Please run 'pkgdb -u' as root.
> [noackjr:~] $

I hadn't heard about that problem before :-/.

> I don't quite understand the CAN-2005-0610 patch.  Why are we ignoring
> @tmp_dir?

By default @tmp_dir points to a world writeable directory which makes it
vulnerable to standard symlink attacks.  It's correct that this is not
a problem if you set TMPDIR or PKG_TMPDIR to a non world-writeable
directory, but most people don't do that (since they don't really have
a reason to).

> I have no problem with @tmp_dir defaulting to a secure
> location, but why can't I configure it so that my normal user account
> can use portversion?  Heck, I don't even really know what the
> pkgdb.fixme file is used for, just that changing its path breaks
> portversion.  I have set PKG_TMPDIR to a location where my normal user
> account has write access (as mentioned in the VuXML entry:
> http://www.vuxml.org/freebsd/22f00553-a09d-11d9-a788-0001020eed82.html),
> but with @tmp_dir being ignored it has no effect.

Correct, since that was only a workaround for older portupgrade
releases, portupgrade 20041226_2 with patch-CAN-2005-0610 does not
need this.

pkgdb.fixme is used by portupgrade to signal that the package database
should be rebuilt.  Since it's used (from what I can gather) between
different portupgrade processes it has to be a well known filename, so
just creating it under the secure temporary directory (the one
patch-CAN-2005-0610 creates) won't work since it then has a "random"
filename.

> Am I trying to do something that I shouldn't?  What is the correct
> behavior here?

It is definitely a bug that the package database is rebuilt every
time, and portversion fails due to that problem.  The solution is
probably to create pkgdb.fixme in another directory, but I haven't yet
found a secure and reliable fix.  I am looking into it (and if anybody
has good ideas, or patches, please contact me).

-- 
Simon L. Nielsen
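
Added illustration, not part of the original message and not portupgrade's code or its eventual fix: the constraint discussed above is that a fixed-name flag file is only safe in a directory other users cannot write to, and that it should be created without following a link that already sits at that name. The helper names `private_dir?`, `create_flag` and `demo`, and all paths used in the demo, are hypothetical.

```ruby
require 'tmpdir'

# True when `dir` is a real directory (lstat: a symlink does not count),
# is not group- or world-writable, and is owned by root or the current user.
def private_dir?(dir)
  st = File.lstat(dir)
  st.directory? && (st.mode & 0o022).zero? &&
    [0, Process.euid].include?(st.uid)
rescue Errno::ENOENT
  false
end

# Create a fixed-name flag file. O_EXCL makes open(2) fail when the name
# already exists, including when it is a symlink, so a link planted at the
# well-known name is never followed or written through.
def create_flag(dir, name = 'pkgdb.fixme')
  return :unsafe_dir unless private_dir?(dir)
  path = File.join(dir, name)
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) {}
  :created
rescue Errno::EEXIST
  File.lstat(path).file? ? :already_flagged : :refused_non_regular
end

# Constructed scenarios, all inside a throwaway directory.
def demo
  Dir.mktmpdir do |base|
    shared, priv, planted = %w[shared private planted].map { |n| File.join(base, n) }
    [shared, priv, planted].each { |d| Dir.mkdir(d) }
    File.chmod(0o1777, shared)          # same mode as a typical /tmp
    File.chmod(0o700, priv, planted)
    victim = File.join(base, 'victim')
    File.write(victim, 'data')
    # Pre-existing link at the well-known name, pointing at another file.
    File.symlink(victim, File.join(planted, 'pkgdb.fixme'))
    { shared: create_flag(shared),      # world-writable directory is rejected
      first: create_flag(priv),         # flag created
      second: create_flag(priv),        # flag already present, regular file
      symlink: create_flag(planted),    # link at the name is not followed
      victim: File.read(victim) }       # link target is left untouched
  end
end

p demo if __FILE__ == $0
```
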



