From nobody@FreeBSD.org  Thu Jun 10 22:41:11 2010
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 4CD221065670
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 10 Jun 2010 22:41:11 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 3B65D8FC14
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 10 Jun 2010 22:41:11 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o5AMfAeQ045448
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 10 Jun 2010 22:41:10 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id o5AMfA4h045447;
	Thu, 10 Jun 2010 22:41:10 GMT
	(envelope-from nobody)
Message-Id: <201006102241.o5AMfA4h045447@www.freebsd.org>
Date: Thu, 10 Jun 2010 22:41:10 GMT
From: Serg <mail_of_sergey@mail.ru>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [patch] port www/sbox-dtc: quotes makes crazy UID value
X-Send-Pr-Version: www-3.1
X-GNATS-Notify: aldis@BSDroot.lv

>Number:         147779
>Category:       ports
>Synopsis:       [patch] port www/sbox-dtc: quotes makes crazy UID value
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    rene
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jun 10 22:50:01 UTC 2010
>Closed-Date:    Sun Jun 13 19:54:05 UTC 2010
>Last-Modified:  Sun Jun 13 20:00:12 UTC 2010
>Originator:     Serg
>Release:        FreeBSD 8.0-RELEASE-p1 i386
>Organization:
>Environment:
FreeBSD acc.acc.tula.ru 8.0-RELEASE-p2 FreeBSD 8.0-RELEASE-p2 #2: Fri Mar 19 14:29:25 MSK 2010     root@acc.acc.tula.ru:/usr/obj/usr/src/sys/Z  i386
>Description:
The quotes at -DUID_MIN and -DGID_MIN CFLAGS makes crazy UID value.
Example:
SBOX_UIDMIN?=   1000
SBOX_GIDMIN?=   1000

Try to run cgi-script:
the directory containing /home/export/web/fluffy/cgi-bin/test.cgi must not be owned by a UID less than 134523267
But minimal UID is 1000!

Ater removing the quotes at -DUID_MIN and -DGID_MIN CFLAGS the cgi-script was run.
>How-To-Repeat:
Just install sbox and try to use it.
>Fix:
Remove the quotes around -DUID_MIN and -DGID_MIN CFLAGS.

Patch attached with submission follows:

--- Makefile	2010-06-11 02:25:42.000000000 +0400
+++ Makefile~	2010-04-19 22:55:38.000000000 +0400
@@ -20,8 +20,8 @@
 
 CFLAGS+=	-DWEB_USER='\"${WWWOWN}\"' \
 		-DWEB_GROUP='\"${WWWGRP}\"' \
-		-DUID_MIN='${SBOX_UIDMIN}' \
-		-DGID_MIN='${SBOX_GIDMIN}' \
+		-DUID_MIN='\"${SBOX_UIDMIN}\"' \
+		-DGID_MIN='\"${SBOX_GIDMIN}\"' \
 		-DSAFE_PATH='\"${SBOX_SAFEPATH}\"' \
 		-DLOG_FILE='\"${SBOX_LOGFILE}\"'
 


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: edwin 
State-Changed-When: Thu Jun 10 22:50:10 UTC 2010 
State-Changed-Why:  
Awaiting maintainers feedback (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=147779 

From: Edwin Groothuis <edwin@FreeBSD.org>
To: aldis@BSDroot.lv
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/147779: [patch] port www/sbox-dtc: quotes makes crazy UID value
Date: Thu, 10 Jun 2010 22:50:09 UT

 Maintainer of www/sbox-dtc,
 
 Please note that PR ports/147779 has just been submitted.
 
 If it contains a patch for an upgrade, an enhancement or a bug fix
 you agree on, reply to this email stating that you approve the patch
 and a committer will take care of it.
 
 The full text of the PR can be found at:
     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/147779
 
 -- 
 Edwin Groothuis via the GNATS Auto Assign Tool
 edwin@FreeBSD.org

From: Aldis Berjoza <aldis@bsdroot.lv>
To: <bug-followup@FreeBSD.org>, <mail_of_sergey@mail.ru>
Cc:  
Subject: Re: ports/147779: [patch] port www/sbox-dtc: quotes makes crazy UID
 value
Date: Fri, 11 Jun 2010 12:40:19 +0300

 Basically I accept patch.
 
 
 However PORTREVISION should be set to 1.
 Also quotes aren't required at all around ${SBOX_UIDMIN} and
 ${SBOX_GIDMIN}
 So I updated submitted patch:
 http://pastebin.com/c4jizPzc
 
 -- 
 BSDroot.lv --> coming soon
State-Changed-From-To: feedback->open 
State-Changed-By: linimon 
State-Changed-When: Fri Jun 11 15:36:24 UTC 2010 
State-Changed-Why:  
Maintainer approved, with some suggested changes. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=147779 
Responsible-Changed-From-To: freebsd-ports-bugs->rene 
Responsible-Changed-By: rene 
Responsible-Changed-When: Sun Jun 13 13:18:11 UTC 2010 
Responsible-Changed-Why:  
Grab 

http://www.freebsd.org/cgi/query-pr.cgi?pr=147779 
State-Changed-From-To: open->closed 
State-Changed-By: rene 
State-Changed-When: Sun Jun 13 19:53:45 UTC 2010 
State-Changed-Why:  
Committed, thanks 

http://www.freebsd.org/cgi/query-pr.cgi?pr=147779 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/147779: commit references a PR
Date: Sun, 13 Jun 2010 19:53:41 +0000 (UTC)

 rene        2010-06-13 19:53:32 UTC
 
   FreeBSD ports repository
 
   Modified files:
     www/sbox-dtc         Makefile 
   Log:
   Make the script runnable again by correctly passing UID_MIN and GID_MIN during
   build.
   Bump PORTREVISION
   
   PR:             ports/147779
   Submitted by:   Serg [mail_of_sergey mail.ru]
   Approved by:    maintainer, tabthorpe (mentor)
   Feature safe:   yes
   
   Revision  Changes    Path
   1.5       +3 -2      ports/www/sbox-dtc/Makefile
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
>Unformatted:
