From owner-freebsd-pkg@freebsd.org Wed Jun 22 20:01:43 2016 Return-Path: Delivered-To: freebsd-pkg@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 984E9B72F12 for ; Wed, 22 Jun 2016 20:01:43 +0000 (UTC) (envelope-from isoa@kapsi.fi) Received: from mail.kapsi.fi (mx1.kapsi.fi [IPv6:2001:1bc8:1004::1:25]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 34E191E04; Wed, 22 Jun 2016 20:01:43 +0000 (UTC) (envelope-from isoa@kapsi.fi) Received: from kirsikka.kapsi.fi ([217.30.184.185] helo=roundcube.kapsi.fi) by mail.kapsi.fi with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1bFoLE-0006fM-6R; Wed, 22 Jun 2016 23:01:40 +0300 MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Wed, 22 Jun 2016 23:01:40 +0300 From: Arto Pekkanen To: Stefan Esser Cc: freebsd-pkg@freebsd.org Subject: Re: Unprivileged user can prevent pkg add/install/delete from working (pkg issue 1222) In-Reply-To: <496aaa3c-9224-53a0-d1a7-e1b6043e7df4@freebsd.org> References: <496aaa3c-9224-53a0-d1a7-e1b6043e7df4@freebsd.org> Message-ID: <86489f9ccb69b62bc61f24c6e7ce934b@kapsi.fi> X-Sender: isoa@kapsi.fi User-Agent: RoundCube Webmail/0.9.4 X-SA-Exim-Connect-IP: 217.30.184.185 X-SA-Exim-Mail-From: isoa@kapsi.fi X-SA-Exim-Scanned: No (on mail.kapsi.fi); SAEximRunCond expanded to false X-BeenThere: freebsd-pkg@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Binary package management and package tools discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Jun 2016 20:01:43 -0000 Yeah, ouch, this is a pretty damn bad bug that should be fixed ASAP! Have you made an official PR already? If not, then please do: https://bugs.freebsd.org/bugzilla/enter_bug.cgi Stefan Esser kirjoitti 21.06.2016 15:28: > Using portmaster to update some ports sometimes failed for me, when > used > with PKG_NG. > > I created https://github.com/freebsd/pkg/issues/1222 to describe and > document the problem. > > Since the problem persists, I had anothe rlook and found, that the > cause described in issue 1222 did no longer apply, but instead that > the problem is much broader. > > Package (de-)installation actions can be blocked by any unprovileged > user with the simple command: > > $ pkg info | sleep 1000000 > > (This only works if the output from pkg info is large enough to keep > the pkg command blocked for the duration of the sleep, obviously ...) > > > The invocation in postmaster is equivalent to: > > pkg query "%n-%v %o" | while read pkg origin > do > ... > pkg add/delete ... > ... > done > > Depending on a number of factors, the inner pkg command fails if the > while loop has not consumed all output from the "pkg query" command. > > This is easily fixed in portmaster (by buffering the output of the > "pkg query" command, before the loop is entered). > > > But this does not help with the fact, that any user can prevent the > installation or deletion of packages by keeping a "pkg info" process > blocked. > > Instead of the example (with sleep) given above, "pkg info|more" does > also block package installation and deletion, since "more" does not > buffer all output from the command. And that might occur without the > user typing "pkg info|more" knowing that he blocks out "pkg add/delete" > for the duration of time he keeps the more command blocked ... > > Regards, STefan > _______________________________________________ > freebsd-pkg@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-pkg > To unsubscribe, send any mail to "freebsd-pkg-unsubscribe@freebsd.org" -- Arto Pekkanen