Date: Mon, 27 May 2013 14:45:05 -0500
From: sindrome <sindrome@gmail.com>
To: Simon Wright <simon.wright@gmx.net>
Cc: FreeBSD Mailing List <freebsd-ports@freebsd.org>
Subject: Re: Why does Samba requires 777 permissions on /tmp
Message-ID: <CAFzAeSd_LnkCSjzSyj8DJLNiDrSjma=vt4Jsbcmo5MFOKyZC8g@mail.gmail.com>
In-Reply-To: <519A9C7D.3040101@gmx.net>
References: <CAFzAeSdgRotc34%2BeyfVHZBA-QGUCWJ1MZDYw1ysRxEV9MhG2BQ@mail.gmail.com> <8661yedqyy.wl%poyopoyo@puripuri.plala.or.jp> <CAFzAeSe4YTdUiqcxSDUGDf6fQEeDK_sDVYym1hsck8fms8kJqA@mail.gmail.com> <20130520143853.79242743@raksha.tavi.co.uk> <519A9C7D.3040101@gmx.net>

Hi Guys,

I just got home from being out of town and the problem still persists even after I removed . from my path.

echo $PATH
/bin:/usr/lib:/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/home/sindrome/.gnupg:/home/sindrome/bin:/home/sindrome/docs:/home/sindrome/docs/info:/home/sindrome/docs/config:/sbin:/bin:/etc:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:

Here's what I get when I portupgrade an outdated port.

/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp/ in PATH, mode 041777
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:1170: warning: Insecure world writable dir /tmp/ in PATH, mode 041777
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgmisc.rb:108: warning: Insecure world writable dir /tmp/ in PATH, mode 041777
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp/ in PATH, mode 041777

On Mon, May 20, 2013 at 4:58 PM, Simon Wright <simon.wright@gmx.net> wrote:

> On 20/05/2013 15:38, Bob Eager wrote:
>
>> On Mon, 20 May 2013 08:03:09 -0500
>> sindrome <sindrome@gmail.com> wrote:
>>
>> What I think is happening is that portupgrade is building and running
>> shell scripts in /tmp. It's running them with (in ruby):
>>
>> system('/tmp/script') [roughly]
>>
>> The ruby runtime is checking the *path-to-the-command* and THAT is what
>> it's complaining about.
>>
>> Try setting PKG_TMPDIR (in pkgtools.conf) to some suitable non world
>> writable temporary directory.
>>
>> I have an older ports tree on this machine or I'd try it myself. I had
>> to download the latest sources to check all this,
>>
>
> Trying to summarise what I've tested here with the results.
>
> My PKG_TMPDIR and TMPDIR are set to /var/tmp:
>
> pkgtools.conf:
>
> ENV['TMPDIR'] ||= '/var/tmp'
> ENV['PKG_TMPDIR'] ||= '/var/tmp'
> ENV['PORTSDIR'] ||= '/usr/ports'
> ENV['PACKAGES'] ||= ENV['PORTSDIR'] + '/packages'
>
> from /usr/local/etc/sudoers:
> # Uncomment if needed to preserve environmental variables related to the
> # FreeBSD pkg_* utilities and fetch.
> Defaults env_keep += "PKG_PATH PKG_DBDIR PKG_TMPDIR TMPDIR PACKAGEROOT PACKAGESITE PKGDIR FTP_PASSIVE_MODE"
>
> [simon@vmserver04 ~]$ ls -ld /var/tmp
> drwxrwxr-t 9 root wheel 33280 May 20 23:02 /var/tmp/
>
> Note: /var/tmp is not world writeable
>
> [simon@vmserver04 ~]$ echo $PATH
> /sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin:/usr/local/scripts:
>
> root@vmserver04:/root # echo $PATH
> /sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/root/bin
>
> I run portupgrade via sudo but both $PATH's show no /tmp or .
>
> [simon@vmserver04 ~]$ ruby -v
> ruby 1.8.7 (2012-10-12 patchlevel 371) [amd64-freebsd9]
>
> portupgrade-2.4.10.5_1,2 FreeBSD ports/packages administration and
> management tool s
>
> Other (not likely) relevant stuff:
> - I have /usr/ports mounted rw with NFS
> - I have the packages directory mounted rw with NFS and amd then redefine
> $PACKAGES to point to the mount point
> This has been working for several years with no issues
>
> [simon@vmserver04 ~]$ sudo portupgrade -v portupgrade*
> ---> Reading default options: -v -D -l /var/tmp/portupgrade.results_20130520-22:56:25 -L /var/tmp/portupgrade/%s::%s.log
> ---> Session started at: Mon, 20 May 2013 22:56:26 +0200
> ** None has been installed or upgraded.
> ---> Saving the results to '/var/tmp/portupgrade.results_20130520-22:56:25'
> /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning:
> Insecure world writable dir /tmp/ in PATH, mode 041777
>
> Still the complaint about /tmp/
>
> [simon@vmserver04 ~]$ sudo chmod 1775 /tmp
>
> [simon@vmserver04 ~]$ ls -ld /tmp
> drwxrwxr-t 9 root wheel 1024 May 20 23:16 /tmp/
>
> [simon@vmserver04 ~]$ sudo portupgrade -v portupgrade*
> ---> Reading default options: -v -D -l /var/tmp/portupgrade.results_20130520-23:16:07 -L /var/tmp/portupgrade/%s::%s.log
> ---> Session started at: Mon, 20 May 2013 23:16:07 +0200
> ** None has been installed or upgraded.
> ---> Saving the results to '/var/tmp/portupgrade.results_20130520-23:16:07'
> ---> Session ended at: Mon, 20 May 2013 23:16:08 +0200 (consumed 00:00:00)
>
> No more complaint.
>
> I can't read the portupgrade code well enough to see what it's doing with
> the script, but if Bob is right that Ruby is running the portupgrade
> commands from /tmp then the error is within the checks in Ruby which is
> saying the 777 permission on /tmp is not acceptable, 775 *is* acceptable.
> Which is strange since surely then everyone with 777 permissions on /tmp
> would be seeing this message? Does this get us any further?
>
> Thanks for all the input, it is appreciated.
>
> Cheers
>
> Simon.
>
> _______________________________________________
> freebsd-ports@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to "freebsd-ports-unsubscribe@freebsd.org"
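
The following Ruby is an added example, not code from this thread, from Ruby itself or from portupgrade. It audits a PATH string, plus the directory of a command run by absolute path (the case Bob describes), for directories with the other-write bit set, and formats the mode the way the warnings above show it. The names `audit_path` and `dir_chain` are chosen here; the check looks at mode bits only, walks parent directories as well, and also reports empty PATH entries, which the shell resolves to the current directory.

```ruby
S_IWOTH = 0o002   # write permission for "other"
S_ISVTX = 0o1000  # sticky bit

# Every directory from `dir` up to the filesystem root.
def dir_chain(dir)
  chain = [File.absolute_path(dir)]
  chain << File.dirname(chain.last) until File.dirname(chain.last) == chain.last
  chain
end

# Audit a PATH string plus, optionally, the directory of a command that is
# run by absolute path. Returns an array of hashes (:dir, :mode, :sticky, :why).
def audit_path(path, command = nil)
  entries = path.split(':', -1)   # -1 keeps an empty entry after a trailing ':'
  findings = []
  if entries.include?('')
    findings << { dir: '.', mode: nil, sticky: nil,
                  why: 'empty PATH entry resolves to the current directory' }
  end
  dirs = entries.reject(&:empty?)
  dirs << File.dirname(command) if command
  dirs.flat_map { |d| dir_chain(d) }.uniq.each do |dir|
    begin
      st = File.stat(dir)
    rescue SystemCallError
      next                        # missing or unreadable: nothing to check
    end
    next unless st.directory? && (st.mode & S_IWOTH) != 0
    findings << { dir: dir, mode: format('0%o', st.mode),
                  sticky: (st.mode & S_ISVTX) != 0, why: 'world writable' }
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  # Constructed input: a PATH with a trailing ':' and a script under /tmp.
  audit_path('/sbin:/bin:/usr/sbin:/usr/bin:', '/tmp/script').each do |f|
    puts [f[:dir], f[:why], f[:mode]].compact.join(' | ')
  end
end
```

Run against a directory at mode 1777 it reports `041777`, and after `chmod 1775` the directory no longer appears, matching the two portupgrade runs quoted above.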