Date: Tue, 21 Jun 2016 14:28:39 +0200 From: Stefan Esser <se@freebsd.org> To: pkg@freebsd.org Subject: Unprivileged user can prevent pkg add/install/delete from working (pkg issue 1222) Message-ID: <496aaa3c-9224-53a0-d1a7-e1b6043e7df4@freebsd.org>
next in thread | raw e-mail | index | archive | help
Using portmaster to update some ports sometimes failed for me, when used with PKG_NG. I created https://github.com/freebsd/pkg/issues/1222 to describe and document the problem. Since the problem persists, I had anothe rlook and found, that the cause described in issue 1222 did no longer apply, but instead that the problem is much broader. Package (de-)installation actions can be blocked by any unprovileged user with the simple command: $ pkg info | sleep 1000000 (This only works if the output from pkg info is large enough to keep the pkg command blocked for the duration of the sleep, obviously ...) The invocation in postmaster is equivalent to: pkg query "%n-%v %o" | while read pkg origin do ... pkg add/delete ... ... done Depending on a number of factors, the inner pkg command fails if the while loop has not consumed all output from the "pkg query" command. This is easily fixed in portmaster (by buffering the output of the "pkg query" command, before the loop is entered). But this does not help with the fact, that any user can prevent the installation or deletion of packages by keeping a "pkg info" process blocked. Instead of the example (with sleep) given above, "pkg info|more" does also block package installation and deletion, since "more" does not buffer all output from the command. And that might occur without the user typing "pkg info|more" knowing that he blocks out "pkg add/delete" for the duration of time he keeps the more command blocked ... Regards, STefan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?496aaa3c-9224-53a0-d1a7-e1b6043e7df4>