Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 29 Mar 2000 02:26:52 +0300
From:      Giorgos Keramidas <keramida@ceid.upatras.gr>
To:        Dag-Erling Smorgrav <des@flood.ping.uio.no>
Cc:        Frank Tobin <ftobin@uiuc.edu>, security@FreeBSD.ORG
Subject:   Re: Installing modules schg
Message-ID:  <20000329022652.F6783@hades.hell.gr>
In-Reply-To: <xzpbt3zxo51.fsf@flood.ping.uio.no>; from des@flood.ping.uio.no on Tue, Mar 28, 2000 at 02:41:46PM %2B0200
References:  <Pine.BSF.4.21.0003270554300.69450-100000@isr4033.urh.uiuc.edu> <xzpbt3zxo51.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help 

On Tue, Mar 28, 2000 at 02:41:46PM +0200, Dag-Erling Smorgrav wrote:
> Frank Tobin <ftobin@uiuc.edu> writes:
> > [...]
> > "Preserves all file flags" doesn't exactly explain to what extent install
> > will go to to clear the current flags so it can get its job done.
> 
> Apologies.
> 
> In brief: it can at least handle the case where the previously
> existing file was schg. This is done routinely by various Makefiles in
> the cases of ld-elf.so.1, mail.local, rcp and friends, and kernels.

I'm glad to hear this, since I had seen the relevant section of the
kernel makefile, and it uses chflags before calling install.  It had me
worrying for a while, that installing modules schg once, would break the
installation for the next time :/

The part of the kernel Makefile that made me think that way looks like:

    .if exists(${DESTDIR}/${KERNEL})
            -chflags noschg ${DESTDIR}/${KERNEL}
            mv ${DESTDIR}/${KERNEL} ${DESTDIR}/${KERNEL}.old
    .endif
            install -c -m 555 -o root -g wheel -fschg \
                    ${KERNEL}${.TARGET:S/install//} ${DESTDIR}/${KERNEL}

But now I can see that it's not because of install, that chflags was
required.  It's because of mv(1), which I tried on my schg /kernel and
saw it failing, just before posting this.

Thanks Dag-Erling, for clarifying this.

-- 
Giorgos Keramidas, < keramida @ ceid . upatras . gr>
See the headers of this message for my public key fingeprint.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000329022652.F6783>