Date: Fri, 29 Apr 2005 11:10:43 +0200
From: "Simon L. Nielsen"
To: Jon Noack
Cc: ports@freebsd.org
Subject: Re: portupgrade regression?

On 2005.04.22 13:33:39 -0500, Jon Noack wrote:
> On 4/22/2005 9:06 AM, Simon L. Nielsen wrote:
> >On 2005.04.22 01:44:25 -0500, Jon Noack wrote:
> >>Ever since the security fix for CAN-2005-0610, portupgrade and company
> >>have been behaving oddly for me.  The root cause of this seems to be
> >>that the pkgdb is being updated needlessly with every operation:
> >
> >After the patch pkgdb.fixme is created in /var/db/pkg, which causes
> >the portupgrade package database update check to always fail.
>
> I get it now: portupgrade compares the /var/db/pkg timestamp to the
> pkgdb.db timestamp to figure out when to update.  Creating pkgdb.fixme
> in /var/db/pkg will bump the /var/db/pkg timestamp and make it always
> seem like pkgdb.db is old and needs to be updated.

Correct.

> >>Am I trying to do something that I shouldn't?  What is the correct
> >>behavior here?
> >
> >It is definitely a bug that the package database is rebuilt every
> >time, and portversion fails due to that problem.
> >The solution is probably to create pkgdb.fixme in another directory,
> >but I haven't yet found a secure and reliable fix.  I am looking into
> >it (and if anybody has good ideas, or patches, please contact me).
>
> The following change (relative to the original source) leaves the
> default as the @db_dir but allows one to override it with PKG_TMPDIR or
> TMPDIR:
>
> **********************************************************************
> --- pkgdb.rb.orig Mon Oct 18 09:59:09 2004 > +++ pkgdb.rb Fri Apr 22 13:25:20 2005
> @@ -96,7 +96,7 @@ > @db_dir =3D File.expand_path(new_db_dir || ENV['PKG_DBDIR'] ||=20 > '/var/db/pkg') >=20 > @db_file =3D File.join(@db_dir, 'pkgdb.db') > - @tmp_dir =3D ENV['PKG_TMPDIR'] || ENV['TMPDIR'] || '/var/tmp' > + @tmp_dir =3D ENV['PKG_TMPDIR'] || ENV['TMPDIR'] || @db_dir > @fixme_file =3D File.join(@tmp_dir, 'pkgdb.fixme') > @db_filebase =3D @db_file.sub(/\.db$/, '') > close_db
> **********************************************************************
>
> One would need to apply the same change to pkgsqldb.rb.  That change
> resolves the issue for me but preserves a secure default.  Is that an
> acceptable compromise?

The problem with that solution is that people with legitimate setups
(where PKG_TMPDIR or TMPDIR is set to a world-writable dir) are then
vulnerable to symlink attacks.

I think I have found the way to fix this both so it works for
non-root, make pkgdb.db not be updated all the time, and so it does
not cause new security problems, but I need to work out a few quirks
(my first version did not work correctly).  Hopefully I will get it
working this weekend, if not I will add a bandaid so you can make it
work by setting an environment variable.

Sorry about the delay in fixing this.

-- 
Simon L. Nielsen
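
Review bot: on the `+ @tmp_dir` line, PKG_TMPDIR and TMPDIR still take precedence over @db_dir, so the following File.join(@tmp_dir, 'pkgdb.fixme') places a fixed, predictable file name in whatever directory the environment names. Where TMPDIR points at a world-writable directory, that is the same kind of predictable-name file the `-` line created under '/var/tmp'; the default is only secure when neither variable is set. Suggest not consulting TMPDIR for the fixme file at all: keep it in a directory only the database owner can write, or create it with File::CREAT | File::EXCL so that an existing entry, symlinks included, makes the open fail. With neither variable set the file still lands in @db_dir, and the matching line in pkgsqldb.rb mentioned in the message is not part of this diff.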
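
The two effects discussed in this thread, as an added example that is not part of the original message and is not portupgrade's code: creating a file inside a directory bumps that directory's mtime, and an exclusive create refuses a name that already exists as a symlink. The `db_stale?` check, the helper names and the directory layout are assumptions modelled on the description in the thread.

```ruby
require 'tmpdir'
require 'fileutils'

# Assumed model of the check described in the thread (not portupgrade's code):
# the database is stale when the package directory is newer than pkgdb.db.
def db_stale?(db_dir)
  File.mtime(db_dir) > File.mtime(File.join(db_dir, 'pkgdb.db'))
end

# Hypothetical helper: create the marker with CREAT|EXCL, so open(2) fails
# with EEXIST if the name already exists, even as a dangling symlink.
def create_marker(dir)
  path = File.join(dir, 'pkgdb.fixme')
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) { |f| f.puts Process.pid }
  path
rescue Errno::EEXIST
  nil
end

# Constructed fixture: a package directory whose pkgdb.db is newer than it.
def fresh_pkg_dir(root, name)
  db_dir = File.join(root, name)
  FileUtils.mkdir_p(db_dir)
  db = File.join(db_dir, 'pkgdb.db')
  FileUtils.touch(db)
  past = Time.now - 3600
  File.utime(past, past, db_dir)        # directory last changed an hour ago
  File.utime(past + 60, past + 60, db)  # database rebuilt a minute later
  db_dir
end

def demo
  Dir.mktmpdir do |root|
    a = fresh_pkg_dir(root, 'pkg_a')
    before = db_stale?(a)
    create_marker(a)                    # marker inside the package directory
    inside = db_stale?(a)               # directory mtime was bumped
    b = fresh_pkg_dir(root, 'pkg_b')
    state = File.join(root, 'state')    # separate directory for the marker
    FileUtils.mkdir_p(state)
    create_marker(state)
    separate = db_stale?(b)
    shared = File.join(root, 'shared')  # stands in for a world-writable dir
    FileUtils.mkdir_p(shared)
    victim = File.join(root, 'victim')  # constructed symlink target
    File.symlink(victim, File.join(shared, 'pkgdb.fixme'))
    planted = create_marker(shared)     # refused: the name already exists
    { before: before, inside: inside, separate: separate,
      planted: planted, victim_created: File.exist?(victim) }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```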