From owner-freebsd-security@FreeBSD.ORG  Sun Mar  8 15:52:05 2009
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 63AFA106564A
	for <freebsd-security@freebsd.org>;
	Sun,  8 Mar 2009 15:52:05 +0000 (UTC)
	(envelope-from jahilliya@gmail.com)
Received: from rv-out-0506.google.com (rv-out-0506.google.com [209.85.198.230])
	by mx1.freebsd.org (Postfix) with ESMTP id 374768FC0A
	for <freebsd-security@freebsd.org>;
	Sun,  8 Mar 2009 15:52:04 +0000 (UTC)
	(envelope-from jahilliya@gmail.com)
Received: by rv-out-0506.google.com with SMTP id f6so1379999rvb.43
	for <freebsd-security@freebsd.org>;
	Sun, 08 Mar 2009 08:52:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:mime-version:received:in-reply-to:references
	:date:message-id:subject:from:to:content-type
	:content-transfer-encoding;
	bh=Z8iqKnId+N9jNRqpKpEjoMqX5i+IzmQVrsyZeSGOeiM=;
	b=i/xX9G1hivAuJJzlXYzD4BpWso8LBTm0gKjYfqsPTPr7t803u7OyzMBp/hHbOtrC9t
	3s+YlG+6obvxGKtc2UXB4hq40DhncIqBGtXadZSWqyvPGpI/+jKTKxxfscm9C0Hl3VCv
	bGZ92O6Qafa4U4JMZayKKzKiDlVJye0aIEyZM=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:content-type:content-transfer-encoding;
	b=dVKjeu1w/UC9uqY/K4uOdLS2j+WDVHEIZq/xEIo3u3ArMtkc/wppVv6CCMPe3FLzZm
	OQscQsdkAdnbonTYs+UwRiZ1oUFHhsPrcjZTXyA2cZwZSVf3IqX+LVvTScJpB0fkCZ3f
	UD0Cueh3v36+oKf7Zo/oy7xSmRRpJOWS+8t6A=
MIME-Version: 1.0
Received: by 10.141.84.21 with SMTP id m21mr2516578rvl.228.1236527524774; Sun, 
	08 Mar 2009 08:52:04 -0700 (PDT)
In-Reply-To: <m2ljrggzwc.wl%randy@psg.com>
References: <m2iqmnxupl.wl%randy@psg.com>
	<1236312264.7184.1.camel@yog-sothoth.rlyeh>
	<m2ljrggzwc.wl%randy@psg.com>
Date: Mon, 9 Mar 2009 00:52:04 +0900
Message-ID: <ba5e78ea0903080852n2d465510l73f2d3ee6ed8e0d9@mail.gmail.com>
From: Daniel Marsh <jahilliya@gmail.com>
To: Randy Bush <randy@psg.com>, freebsd-security@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: 
Subject: Re: emacs installs a lot of 777 directories
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 08 Mar 2009 15:52:05 -0000

Sorry, but when was emaca installed?

If you deinstall and reinstall after verifying the suspect directories
are deleted, and roots umask is 022 do you get the same problem?

Are you doing make install as a user and letting the port escalate
privaleges? Or do you login , sudo or su to root?

Login via tty as root, check umask and install port

Make install as user will su to root but you need to check the users umask

Sudo will use the users umask not root

su is the same as sudo

> su - root
This will work as it simulates a login and sets roots environment,
including the umask

Umask is set during login, most privilege escalation commands arth the
euid to root but not the uid, they also don't run through the login
process (ie ~/.login ) which sets up your environment

Regards
Daniel

On 3/8/09, Randy Bush <randy@psg.com> wrote:
> At Fri, 06 Mar 2009 13:04:24 +0900,
> Daniel Marsh <jahilliya@gmail.com> wrote:
>>
>> On Fri, 2009-03-06 at 11:15 +0900, Randy Bush wrote:
>> > foo.on.you:/usr/local/share# find . -type d -perm 777
>> > ./emacs/22.3/etc/tree-widget
>> > ./emacs/22.3/etc/tree-widget/folder
>> > ./emacs/22.3/etc/tree-widget/default
>> > ./emacs/22.3/etc/e
>> > ./emacs/22.3/etc/images
>> > ./emacs/22.3/etc/images/low-color
>> > ./emacs/22.3/etc/images/gnus
>> > ./emacs/22.3/etc/images/icons
>> > ./emacs/22.3/etc/images/gud
>> > ./emacs/22.3/etc/images/smilies
>> > ./emacs/22.3/etc/images/mail
>> > ./emacs/22.3/etc/images/ezimage
>> > ./emacs/22.3/lisp
>> > ./emacs/22.3/lisp/net
>> > ./emacs/22.3/lisp/progmodes
>> > ./emacs/22.3/lisp/calc
>> > ./emacs/22.3/lisp/emacs-lisp
>> > ./emacs/22.3/lisp/url
>> > ./emacs/22.3/lisp/emulation
>> > ./emacs/22.3/lisp/play
>> > ./emacs/22.3/lisp/erc
>> > ./emacs/22.3/lisp/term
>> > ./emacs/22.3/lisp/obsolete
>> > ./emacs/22.3/lisp/textmodes
>> > ./emacs/22.3/lisp/mail
>> > ./emacs/22.3/lisp/eshell
>> > ./emacs/22.3/lisp/calendar
>> > ./emacs/22.3/lisp/mh-e
>> > ./emacs/22.3/lisp/international
>> > ./emacs/22.3/lisp/gnus
>> > ./emacs/22.3/lisp/language
>> > ./emacs/22.3/leim/ja-dic
>> > ./emacs/22.3/leim/quail
>> > _______________________________________________
>> > freebsd-security@freebsd.org mailing list
>> > http://lists.freebsd.org/mailman/listinfo/freebsd-security
>> > To unsubscribe, send any mail to
>> > "freebsd-security-unsubscribe@freebsd.org"
>>
>> Could this simply be an over promiscuous umask being set when Emacs was
>> installed? ie. umask 000 rather than the default umask 022 for root?
>
> root's umask is 022
>
> randy
>

-- 
Sent from my mobile device


http://buymeahouse.stiw.org/