Message-ID: <3F7471C9.2000606@fillmore-labs.com>
Date: Fri, 26 Sep 2003 19:05:13 +0200
From: Oliver Eikemeier
Organization: Fillmore Labs GmbH
To: FreeBSD-gnats-submit@FreeBSD.org, TERAMOTO Masahiro
cc: FreeBSD ports
cc: Rob Evers
cc: Norikatsu Shigemura
Subject: ports/57256: port security/clamav: should not issue rmuser -y on deinstall
List-Id: Porting software to FreeBSD

>Submitter-Id: current-users
>Originator: Oliver Eikemeier
>Organization: Fillmore Labs - http://www.fillmore-labs.com
>Confidential: no
>Synopsis: port security/clamav: should not issue rmuser -y on deinstall
>Severity: serious
>Priority: medium
>Category: ports
>Class: sw-bug
>Release: FreeBSD 5.1-CURRENT i386
>Environment:
System: FreeBSD nuuk.fillmore-labs.com 5.1-CURRENT

>Description:
PR 53305 added
    @unexec rmuser -y clamav
to pkg-plist. This deletes the clamav user and any additional files.
This should *only* happen on complete deinstalls, with user confirmation,
*never* on upgrades.

The clamav user is subsequently re-added, with a possibly different user id.
Any other group memberships are lost, i.e. if clamav has been added to the
group 'mail' it isn't after an upgrade.

If I integrated clamav in exim following Sheldon Hearn's excellent
instructions (${PREFIX}/share/doc/exim/POST-INSTALL-NOTES.clamd in the exim
port) my mail server will stop working as a result of the upgrade. A changing
user id implies that clamav can't access /var/run/clamav and create a socket
there.

>How-To-Repeat:
# portupgrade -f 'clamav-*'
---> Uninstalling the old version
---> Deinstalling 'clamav-0.60_1'
---> Preserving /usr/local/lib/libclamav.so.1 as /usr/local/lib/compat/pkg/libclamav.so.1
pkg_delete: '/usr/local/share/clamav/viruses.db' fails original MD5 checksum - deleted anyway.
pkg_delete: '/usr/local/share/clamav/viruses.db2' fails original MD5 checksum - deleted anyway.
/usr/sbin/rmuser: Informational: Home /nonexistent is not a directory, so it won't be removed
Killed process(es) belonging to clamav.
Updating password file, updating databases, done.
Updating group file: mail (removing group clamav -- personal group is empty) done.
Removing files belonging to clamav from /tmp: done.
Removing files belonging to clamav from /var/tmp: done.
Removing files belonging to clamav from /var/tmp/vi.recover: done.
[Updating the pkgdb in /var/db/pkg ... - 91 packages found (-1 +0) (...) done]
---> Installing the new version via the port
===> Installing for clamav-0.60_2
[...]
===> Creating custom user to run clamav...
/bin/sh /usr/ports/security/clamav/pkg-install clamav-0.60_2 PRE-INSTALL
=> Added group "clamav".
=> Added user "clamav".

>Fix:
Remove
    @unexec rmuser -y clamav
from pkg-plist. If necessary, add a message in pkg-deinstall, telling the
user to do this step manually.
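
Added example, not part of the original report or of the clamav port: a small sh check that compares a service account's uid and supplementary group memberships before and after an upgrade, which is the drift the report describes. The function names, file names and uid values are assumptions made for illustration; the sample passwd and group files are constructed.

```shell
#!/bin/sh
# Added example (not from the clamav port): detect uid and group-membership
# drift for a service account across a package upgrade.

# Print "uid=<n> groups=<g1,g2>" for user $1 from passwd-format file $2 and
# group-format file $3. "groups" lists supplementary memberships only.
account_state() {
    acct_uid=$(awk -F: -v u="$1" '$1 == u { print $3; exit }' "$2")
    acct_grps=$(awk -F: -v u="$1" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) print $1
    }' "$3" | sort | paste -sd, -)
    echo "uid=${acct_uid:-none} groups=${acct_grps:-none}"
}

# Compare two account_state strings; report and return 1 on any change.
account_drift() {
    if [ "$1" = "$2" ]; then
        echo "no drift"
        return 0
    fi
    echo "DRIFT before: $1"
    echo "DRIFT after:  $2"
    return 1
}

# Constructed sample files (uids are made up): clamav before the upgrade,
# and after rmuser plus re-add changed its uid and dropped it from "mail".
make_sample() {
    printf '%s\n' 'root:*:0:0:Charlie &:/root:/bin/sh' \
        'clamav:*:1001:1001:Clam AV:/nonexistent:/sbin/nologin' > "$1/passwd.before"
    printf '%s\n' 'wheel:*:0:root' 'mail:*:6:clamav' 'clamav:*:1001:' > "$1/group.before"
    printf '%s\n' 'root:*:0:0:Charlie &:/root:/bin/sh' \
        'clamav:*:1002:1002:Clam AV:/nonexistent:/sbin/nologin' > "$1/passwd.after"
    printf '%s\n' 'wheel:*:0:root' 'mail:*:6:' 'clamav:*:1002:' > "$1/group.after"
}

dir=$(mktemp -d)
make_sample "$dir"
before=$(account_state clamav "$dir/passwd.before" "$dir/group.before")
after=$(account_state clamav "$dir/passwd.after" "$dir/group.after")
account_drift "$before" "$after" || echo "restore group memberships and check /var/run/clamav ownership"
rm -rf "$dir"
```

On a real host the same functions can be pointed at copies of /etc/passwd and /etc/group saved before the upgrade and at the live files afterwards.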