Date:      Sat, 07 Mar 2026 00:22:03 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 293628] security/doas: Update port to version 6.4 - bug fix permissions
Message-ID:  <bug-293628-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293628

            Bug ID: 293628
           Summary: security/doas: Update port to version 6.4 - bug fix
                    permissions
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: jsmith@resonatingmedia.com

Created attachment 268590
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=268590&action=edit
Update port to match upstream, fix permissions

This patch for the security/doas port introduces two changes:

1. It updates the port to match upstream's latest version. This fixes some
typos in the documentation and causes doasedit to better handle shell variables
and find the best text editor for altering files.

2. Originally the FreeBSD port used BINMODE to setuid the doas executable
program. This worked okay when there was just one executable file in the port,
but BINMODE is applied universally (to all programs and scripts). This means
helper scripts like doasedit, which are meant to be run as a regular user, were
also installed as setuid. This is a potential security issue.

The attached patch uses default/regular permissions for all files _except_ the
doas program, which is set to mode 4755.

There doesn't appear to be any "correct" way to handle this in the ports
handbook, so the updated Makefile just sets the mode using the "install"
program.

-- 
You are receiving this mail because:
You are the assignee for the bug.
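
A stage-directory check for the problem the report describes, as an added example that is not part of the original message or the port: it lists every setuid/setgid file under a staged tree that is not on an allow-list. The function names, the `usr/local/bin` layout and the sample tree built by `make_stage` are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a staged install tree for unexpected set-id files.
# The tree layout and allow-list are constructed for illustration.

# audit_setid STAGEDIR [ALLOWED_REL_PATH ...]
# Prints every setuid/setgid regular file that is not on the allow-list.
# Returns 0 if none were found, 1 otherwise.
audit_setid() {
    _stage=${1%/}
    shift
    _bad=0
    # -perm -4000 matches the setuid bit, -perm -2000 the setgid bit
    _found=$(find "$_stage" -type f \( -perm -4000 -o -perm -2000 \) -print | sort)
    while IFS= read -r _f; do
        [ -n "$_f" ] || continue
        _rel=${_f#"$_stage"/}
        _ok=0
        for _a in "$@"; do
            if [ "$_rel" = "$_a" ]; then _ok=1; fi
        done
        if [ "$_ok" -eq 0 ]; then
            echo "unexpected set-id file: $_rel"
            _bad=1
        fi
    done <<EOF
$_found
EOF
    return "$_bad"
}

# make_stage DIR DOASEDIT_MODE
# Builds a constructed stage tree: doas at mode 4755 (as in the report),
# doasedit at the given mode (4755 models the blanket-BINMODE install).
make_stage() {
    mkdir -p "$1/usr/local/bin"
    : > "$1/usr/local/bin/doas"
    : > "$1/usr/local/bin/doasedit"
    chmod 4755 "$1/usr/local/bin/doas"
    chmod "$2" "$1/usr/local/bin/doasedit"
}
```

Against a real port build, the call would be `audit_setid "${STAGEDIR}" usr/local/bin/doas`, with a non-zero return treated as a failed check.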
