From owner-freebsd-security  Tue Mar 28 15:26:59 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.hellasnet.gr (mail.hellasnet.gr [212.54.192.3])
	by hub.freebsd.org (Postfix) with ESMTP id 3C2C537B598
	for <security@FreeBSD.ORG>; Tue, 28 Mar 2000 15:26:55 -0800 (PST)
	(envelope-from keramida@ceid.upatras.gr)
Received: from hades.hell.gr (ppp2.patr.hellasnet.gr [212.54.197.17])
	by mail.hellasnet.gr (8.9.1/8.9.1) with ESMTP id BAA21961;
	Wed, 29 Mar 2000 01:25:35 +0200 (GMT)
Received: (from charon@localhost)
	by hades.hell.gr (8.9.3/8.9.3) id CAA07292;
	Wed, 29 Mar 2000 02:26:52 +0300 (EEST)
	(envelope-from charon)
Date: Wed, 29 Mar 2000 02:26:52 +0300
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Cc: Frank Tobin <ftobin@uiuc.edu>, security@FreeBSD.ORG
Subject: Re: Installing modules schg
Message-ID: <20000329022652.F6783@hades.hell.gr>
Reply-To: keramida@ceid.upatras.gr
References: <Pine.BSF.4.21.0003270554300.69450-100000@isr4033.urh.uiuc.edu> <xzpbt3zxo51.fsf@flood.ping.uio.no>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <xzpbt3zxo51.fsf@flood.ping.uio.no>; from des@flood.ping.uio.no on Tue, Mar 28, 2000 at 02:41:46PM +0200
X-PGP-Fingerprint: 62 45 D1 C9 26 F9 95 06  D6 21 2A C8 8C 16 C0 8E
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Mar 28, 2000 at 02:41:46PM +0200, Dag-Erling Smorgrav wrote:
> Frank Tobin <ftobin@uiuc.edu> writes:
> > [...]
> > "Preserves all file flags" doesn't exactly explain to what extent install
> > will go to to clear the current flags so it can get its job done.
> 
> Apologies.
> 
> In brief: it can at least handle the case where the previously
> existing file was schg. This is done routinely by various Makefiles in
> the cases of ld-elf.so.1, mail.local, rcp and friends, and kernels.

I'm glad to hear this, since I had seen the relevant section of the
kernel makefile, and it uses chflags before calling install.  It had me
worrying for a while, that installing modules schg once, would break the
installation for the next time :/

The part of the kernel Makefile that made me think that way looks like:

    .if exists(${DESTDIR}/${KERNEL})
            -chflags noschg ${DESTDIR}/${KERNEL}
            mv ${DESTDIR}/${KERNEL} ${DESTDIR}/${KERNEL}.old
    .endif
            install -c -m 555 -o root -g wheel -fschg \
                    ${KERNEL}${.TARGET:S/install//} ${DESTDIR}/${KERNEL}

But now I can see that it's not because of install, that chflags was
required.  It's because of mv(1), which I tried on my schg /kernel and
saw it failing, just before posting this.

Thanks Dag-Erling, for clarifying this.

-- 
Giorgos Keramidas, < keramida @ ceid . upatras . gr>
See the headers of this message for my public key fingeprint.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message