Message-Id: <200709090832.l898WvHW053413@www.freebsd.org>
Date: Sun, 9 Sep 2007 08:32:57 GMT
From: Nate Eldredge <neldredge@ucsd.edu>
To: freebsd-gnats-submit@FreeBSD.org
Subject: editors/emacs: files installed with wrong owner
X-Send-Pr-Version: www-3.1
X-GNATS-Notify: keramida@ceid.upatras.gr

>Number:         116222
>Category:       ports
>Synopsis:       files installed with the wrong UID/GID via make install inside plain 'su' session
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    portmgr
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Sep 09 08:40:01 GMT 2007
>Closed-Date:    Wed May 28 14:59:54 UTC 2014
>Last-Modified:  Wed May 28 14:59:54 UTC 2014
>Originator:     Nate Eldredge
>Release:        6.2-RELEASE-p5
>Organization:
>Environment:
FreeBSD vulcan.lan 6.2-RELEASE-p5 FreeBSD 6.2-RELEASE-p5 #2: Sun Jun 10 13:55:21 PDT 2007     nate@vulcan.lan:/usr/obj/usr/src/sys/VULCAN  amd64

>Description:
When installing the emacs port under "su", some of the files are installed as the user running "su" rather than as root.

$ whoami
nate
$ su
# portupgrade -N emacs
[install editors/emacs]
# ls -l /usr/local/share/emacs/22.1/
total 22
drwxr-xr-x   5 nate  wheel   3072 Sep  9 01:19 etc
drwxr-xr-x   4 root  wheel    512 Sep  9 01:19 leim
drwxr-xr-x  20 nate  wheel  12800 Sep  9 01:19 lisp
drwxr-xr-x   2 root  wheel    512 Sep  9 01:19 site-lisp

The contents of etc/ and lisp/ are likewise owned by nate.

You might consider this a security problem, since now "nate" can tweak the lisp files and cause everyone's emacs to do funny things.  Of course in this case, "nate" was able to su to root anyway, but you could imagine scenarios where this isn't the case.
>How-To-Repeat:
portupgrade -N emacs
>Fix:


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: edwin 
State-Changed-When: Sun Sep 9 08:40:08 UTC 2007 
State-Changed-Why:  
Awaiting maintainer's feedback 

http://www.freebsd.org/cgi/query-pr.cgi?pr=116222 
Responsible-Changed-From-To: freebsd-ports-bugs->keramida 
Responsible-Changed-By: vs 
Responsible-Changed-When: Thu Sep 20 12:13:28 UTC 2007 
Responsible-Changed-Why:  
Maintainer is committer. 


From: Giorgos Keramidas <keramida@freebsd.org>
To: Nate Eldredge <neldredge@ucsd.edu>
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: ports/116222: editors/emacs: files installed with wrong owner
Date: Thu, 27 Sep 2007 19:14:43 +0300

 On 2007-09-09 08:32, Nate Eldredge <neldredge@ucsd.edu> wrote:
 > >Number:         116222
 > >Category:       ports
 > >Synopsis:       editors/emacs: files installed with wrong owner
 
 > When installing the emacs port under "su", some of the files are
 > installed as the user running "su" rather than as root.
 >
 > $ whoami
 > nate
 > $ su
 > # portupgrade -N emacs
 > [install editors/emacs]
 > # ls -l /usr/local/share/emacs/22.1/
 > total 22
 > drwxr-xr-x   5 nate  wheel   3072 Sep  9 01:19 etc
 > drwxr-xr-x   4 root  wheel    512 Sep  9 01:19 leim
 > drwxr-xr-x  20 nate  wheel  12800 Sep  9 01:19 lisp
 > drwxr-xr-x   2 root  wheel    512 Sep  9 01:19 site-lisp
 >
 > The contents of etc/ and lisp/ are likewise owned by nate.
 
 Good catch, thanks.  I just repeated the installation with:
 
 	keramida> cd ~/ports/editors/emacs
 	keramida> make
 	keramida> su make install
 
 and some of the files in /usr/local are now owned by group 'users',
 instead of 'wheel'.
 
 Can you try using "su -" to install the port?  There's nothing special
 about editors/emacs in the way the files are copied to `/usr/local', but
 it uses tar(1) to copy files in `/usr/local'.  This means that when the
 files are copied, tar(1) tries to preserve the owner and/or group of the
 original files.
 
 It's probably a bad idea to use chown -R to set the owner of the files,
 as this would probably break non-root installations of the port to
 non-default places.
 
 > You might consider this a security problem, since now "nate" can tweak
 > the lisp files and cause everyone's emacs to do funny things.  Of
 > course in this case, "nate" was able to su to root anyway, but you
 > could imagine scenarios where this isn't the case.
 
 Right.  I will ask our friendly Ports team about hints and tips to
 handle this :-)
 
 One possible solution to this problem is to use "su -" before running
 the portupgrade command, which will set your effective user ID to
 'root' too.  This is just a workaround, and not a permanent fix, so
 I'll keep the problem report open while I get help from Ports gurus.
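
The mechanism described in the message above, shown as an added example (not part of the original thread or of the port's own code): a tar stream records each file's owner, and an extraction run as root restores it. The archive contents, file names and uid 1001 are constructed, and `foreign_owned` and `normalize_owner` are hypothetical helper names.

```python
import io
import tarfile

def build_sample_archive():
    """Constructed sample: a small tree as archived from a work directory
    whose files belong to an unprivileged user (uid 1001, 'nate')."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, uid, uname in [("lisp/sample.el", 1001, "nate"),
                                 ("etc/SAMPLE", 1001, "nate"),
                                 ("leim/sample-list.el", 0, "root")]:
            data = b"; constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mode = 0o644
            info.uid, info.uname = uid, uname
            info.gid, info.gname = 0, "wheel"
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def foreign_owned(archive, want_uid=0, want_gid=0):
    """List members that an owner-preserving extraction would create
    with an owner or group other than want_uid:want_gid."""
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        return [(m.name, m.uid, m.gid) for m in tar
                if m.uid != want_uid or m.gid != want_gid]

def normalize_owner(archive, uid=0, gid=0, uname="root", gname="wheel"):
    """Re-pack the stream with every member forced to uid:gid, so the
    recorded owner no longer depends on who built the source tree."""
    out = io.BytesIO()
    with tarfile.open(fileobj=io.BytesIO(archive)) as src, \
         tarfile.open(fileobj=out, mode="w") as dst:
        for m in src:
            m.uid, m.gid, m.uname, m.gname = uid, gid, uname, gname
            dst.addfile(m, src.extractfile(m) if m.isfile() else None)
    return out.getvalue()

if __name__ == "__main__":
    sample = build_sample_archive()
    print("recorded in stream:", foreign_owned(sample))
    print("after normalizing: ", foreign_owned(normalize_owner(sample)))
```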
 

From: Nate Eldredge <neldredge@math.ucsd.edu>
To: Giorgos Keramidas <keramida@freebsd.org>
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: ports/116222: editors/emacs: files installed with wrong owner
Date: Thu, 27 Sep 2007 11:10:16 -0700 (PDT)

 On Thu, 27 Sep 2007, Giorgos Keramidas wrote:
 
 > On 2007-09-09 08:32, Nate Eldredge <neldredge@ucsd.edu> wrote:
 >>> Number:         116222
 >>> Category:       ports
 >>> Synopsis:       editors/emacs: files installed with wrong owner
 >
 >> When installing the emacs port under "su", some of the files are
 >> installed as the user running "su" rather than as root.
 > [...]
 > Can you try using "su -" to install the port?  There's nothing special
 > about editors/emacs in the way the files are copied to `/usr/local', but
 > it uses tar(1) to copy files in `/usr/local'.  This means that when the
 > files are copied, tar(1) tries to preserve the owner and/or group of the
 > original files.
 
 That fixes it, but I agree it should not be necessary.
 
 Thanks for looking at this.
 
 [Resent because I forgot to cc gnats.]
 
 -- 
 
 Nate Eldredge
 neldredge@math.ucsd.edu
State-Changed-From-To: feedback->open 
State-Changed-By: keramida 
State-Changed-When: Mon Jan 14 00:14:10 UTC 2008 
State-Changed-Why:  
Nate has verified that 'su -' fixes the permissions problems. 
Put back into the `open' state, while I'm asking our Ports 
gurus if this can be avoided, or we should just close the PR 
with ``known issue, please use `su -' to install''. 


From: Giorgos Keramidas <keramida@freebsd.org>
To: Nate Eldredge <neldredge@ucsd.edu>
Cc: bug-followup@freebsd.org
Subject: Re: ports/116222: editors/emacs: files installed with wrong owner
Date: Wed, 16 Jan 2008 08:50:51 +0200

 Adding to audit trail...
 
 > Put back into the `open' state, while I'm asking our Ports 
 > gurus if this can be avoided, or we should just close the PR 
 > with ``known issue, please use `su -' to install''. 
 
 freebsd-ports thread started with message <20080116064901.GA63469@kobe.laptop>
 
State-Changed-From-To: open->suspended 
State-Changed-By: linimon 
State-Changed-When: Sat May 24 16:08:11 UTC 2008 
State-Changed-Why:  
This seems to be a problem with the way UID/GIDs are done.  It's not 
ports-specific. 

Mark as suspended until someone comes up with a good solution. 


Responsible-Changed-From-To: keramida->portmgr 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sat May 24 16:08:11 UTC 2008 
Responsible-Changed-Why:  

State-Changed-From-To: suspended->closed 
State-Changed-By: bapt 
State-Changed-When: Wed May 28 14:59:52 UTC 2014 
State-Changed-Why:  
fixed by design with stage 

>Unformatted:
