From: "Simon L. Nielsen"
To: Jon Noack
Cc: ports@freebsd.org
Date: Fri, 22 Apr 2005 16:06:22 +0200
Subject: Re: portupgrade regression?
Message-ID: <20050422140619.GA785@zaphod.nitro.dk>
In-Reply-To: <42689D49.4050908@alumni.rice.edu>

On 2005.04.22 01:44:25 -0500, Jon Noack wrote:
> Ever since the security fix for CAN-2005-0610, portupgrade and company
> have been behaving oddly for me. The root cause of this seems to be
> that the pkgdb is being updated needlessly with every operation:

After the patch pkgdb.fixme is created in /var/db/pkg, which causes
the portupgrade package database update check to always fail.

> One side effect is that it is no longer possible to run portversion as a
> normal user:
>
> [noackjr:~] $ portversion -v | grep -v "="
> The pkgdb must be updated. Please run 'pkgdb -u' as root.
> [noackjr:~] $

I hadn't heard about that problem before :-/.

> I don't quite understand the CAN-2005-0610 patch. Why are we ignoring
> @tmp_dir?

By default @tmp_dir points to a world writeable directory, which makes
it vulnerable to standard symlink attacks. It's correct that this is
not a problem if you set TMPDIR or PKG_TMPDIR to a non world-writeable
directory, but most people don't do that (since they don't really have
a reason to).

> I have no problem with @tmp_dir defaulting to a secure
> location, but why can't I configure it so that my normal user account
> can use portversion? Heck, I don't even really know what the
> pkgdb.fixme file is used for, just that changing its path breaks
> portversion. I have set PKG_TMPDIR to a location where my normal user
> account has write access (as mentioned in the VuXML entry:
> http://www.vuxml.org/freebsd/22f00553-a09d-11d9-a788-0001020eed82.html),
> but with @tmp_dir being ignored it has no effect.

Correct, since that was only a workaround for older portupgrade
releases; portupgrade 20041226_2 with patch-CAN-2005-0610 does not need
this.

pkgdb.fixme is used by portupgrade to signal that the package database
should be rebuilt. Since it's used (from what I can gather) between
different portupgrade processes it has to be a well-known filename, so
just creating it under the secure temporary directory (the one
patch-CAN-2005-0610 creates) won't work since it then has a "random"
filename.

> Am I trying to do something that I shouldn't? What is the correct
> behavior here?

It is definitely a bug that the package database is rebuilt every
time, and portversion fails due to that problem.

The solution is probably to create pkgdb.fixme in another directory,
but I haven't yet found a secure and reliable fix. I am looking into
it (and if anybody has good ideas, or patches, please contact me).

-- 
Simon L. Nielsen
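
Added illustration, not part of the original message and not portupgrade's code or its fix: a Ruby example of the precaution the reply describes, where a flag file with a well-known name is only created in, and only trusted from, a directory that other users cannot write to. The helper names (safe_flag_dir?, raise_flag, flag_raised?) are hypothetical; only the file name pkgdb.fixme comes from the message.

```ruby
# Hypothetical helpers for illustration; only the flag name is from the thread.
FLAG_NAME = 'pkgdb.fixme'

# A directory is acceptable for a fixed-name flag file only if it is a real
# directory (not a symlink), owned by root or the current user, and not
# writable by group or others. In a world-writable directory any local user
# can pre-create the well-known name as a symlink.
# Assumption: ancestor directories are trusted and are not checked here.
def safe_flag_dir?(dir)
  st = File.lstat(dir)
  return false unless st.directory?
  return false unless [0, Process.euid].include?(st.uid)
  (st.mode & 0o022).zero?
rescue SystemCallError
  false
end

# Create the flag without following a symlink at the final path component.
# CREAT|EXCL fails if anything (including a dangling symlink) already has
# that name; NOFOLLOW is a second guard.
# Returns :created, :exists or :unsafe_dir.
def raise_flag(dir, name = FLAG_NAME)
  return :unsafe_dir unless safe_flag_dir?(dir)
  flags = File::WRONLY | File::CREAT | File::EXCL | File::NOFOLLOW
  File.open(File.join(dir, name), flags, 0o644) {}
  :created
rescue Errno::EEXIST, Errno::ELOOP
  :exists
end

# Readers trust the flag only when it is a regular file in a safe directory,
# so a planted symlink is never treated as a valid signal.
def flag_raised?(dir, name = FLAG_NAME)
  return false unless safe_flag_dir?(dir)
  File.lstat(File.join(dir, name)).file?
rescue SystemCallError
  false
end
```

A planted symlink makes raise_flag return :exists without touching the link target, while flag_raised? still reports false for it.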