Date: Fri, 22 Apr 2005 16:06:22 +0200
From: "Simon L. Nielsen" <simon@FreeBSD.org>
To: Jon Noack <noackjr@alumni.rice.edu>
Cc: ports@freebsd.org
Subject: Re: portupgrade regression?
Message-ID: <20050422140619.GA785@zaphod.nitro.dk>
In-Reply-To: <42689D49.4050908@alumni.rice.edu>
References: <42689D49.4050908@alumni.rice.edu>

On 2005.04.22 01:44:25 -0500, Jon Noack wrote:

> Ever since the security fix for CAN-2005-0610, portupgrade and company
> have been behaving oddly for me. The root cause of this seems to be
> that the pkgdb is being updated needlessly with every operation:

After the patch pkgdb.fixme is created in /var/db/pkg, which causes the
portupgrade package database update check to always fail.

> One side effect is that it is no longer possible to run portversion as a
> normal user:
>
> [noackjr:~] $ portversion -v | grep -v "="
> The pkgdb must be updated. Please run 'pkgdb -u' as root.
> [noackjr:~] $

I hadn't heard about that problem before :-/.

> I don't quite understand the CAN-2005-0610 patch. Why are we ignoring
> @tmp_dir?

By default @tmp_dir points to a world writeable directory, which makes it
vulnerable to standard symlink attacks. It's correct that this is not a
problem if you set TMPDIR or PKG_TMPDIR to a non world-writeable
directory, but most people don't do that (since they don't really have a
reason to).

> I have no problem with @tmp_dir defaulting to a secure
> location, but why can't I configure it so that my normal user account
> can use portversion? Heck, I don't even really know what the
> pkgdb.fixme file is used for, just that changing its path breaks
> portversion. I have set PKG_TMPDIR to a location where my normal user
> account has write access (as mentioned in the VuXML entry:
> http://www.vuxml.org/freebsd/22f00553-a09d-11d9-a788-0001020eed82.html),
> but with @tmp_dir being ignored it has no effect.

Correct, since that was only a workaround for older portupgrade
releases, portupgrade 20041226_2 with patch-CAN-2005-0610 does not need
this.

pkgdb.fixme is used by portupgrade to signal that the package database
should be rebuilt. Since it's used (from what I can gather) between
different portupgrade processes it has to be a well known filename, so
just creating it under the secure temporary directory (the one
patch-CAN-2005-0610 creates) won't work since it then has a "random"
filename.

> Am I trying to do something that I shouldn't? What is the correct
> behavior here?

It is definitely a bug that the package database is rebuilt every time,
and portversion fails due to that problem. The solution is probably to
create pkgdb.fixme in another directory, but I haven't yet found a
secure and reliable fix. I am looking into it (and if anybody has good
ideas, or patches, please contact me).

-- 
Simon L. Nielsen
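
The constraint discussed in this message (a flag file that needs a well-known name, so it cannot live under a randomly named temporary directory, yet must not be created through a planted symlink) can be shown in Ruby, the language portupgrade is written in. This is an added example, not code from the message or from portupgrade; the helper names safe_flag_dir? and raise_flag are hypothetical, and it assumes the parent path of the flag directory is trusted.

```ruby
require 'tmpdir'

# Added illustration; helper names are hypothetical, not portupgrade's API.

# True only if no other unprivileged user can create, rename or replace
# entries in dir. Checks dir itself; its parent path is assumed trusted.
def safe_flag_dir?(dir)
  st = File.lstat(dir)                 # lstat: a symlinked dir is rejected
  return false unless st.directory?
  return false unless st.uid.zero? || st.uid == Process.euid
  (st.mode & 0o022).zero?              # not group- or world-writable
end

# Raise the well-known flag. Returns :created, :already_set or :rejected.
def raise_flag(dir, name = 'pkgdb.fixme')
  raise ArgumentError, "unsafe flag directory: #{dir}" unless safe_flag_dir?(dir)
  path = File.join(dir, name)
  # CREAT|EXCL never reuses an existing entry; NOFOLLOW refuses a symlink.
  flags = File::WRONLY | File::CREAT | File::EXCL | File::NOFOLLOW
  File.open(path, flags, 0o644) { |f| f.puts Process.pid }
  :created
rescue Errno::EEXIST, Errno::ELOOP
  st = File.lstat(path)                # inspect the entry, not its target
  trusted = st.file? && (st.uid.zero? || st.uid == Process.euid)
  trusted ? :already_set : :rejected
end

# Constructed demo: a private directory, a world-writable one, and a
# pre-planted symlink that carries the flag's name.
def demo
  Dir.mktmpdir do |base|
    good = File.join(base, 'private')
    Dir.mkdir(good, 0o700)
    shared = File.join(base, 'shared')
    Dir.mkdir(shared)
    File.chmod(0o1777, shared)
    victim = File.join(base, 'victim')
    File.write(victim, "keep\n")
    trap_dir = File.join(base, 'trap')
    Dir.mkdir(trap_dir, 0o700)
    File.symlink(victim, File.join(trap_dir, 'pkgdb.fixme'))
    { first: raise_flag(good), second: raise_flag(good),
      shared_ok: safe_flag_dir?(shared), symlink: raise_flag(trap_dir),
      victim: File.read(victim) }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```
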