From aehlig@linta.de  Tue May 17 21:13:12 2011
Return-Path: <aehlig@linta.de>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7E7211065679
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 17 May 2011 21:13:12 +0000 (UTC)
	(envelope-from aehlig@linta.de)
Received: from linta.de (isilmar-3.linta.de [188.40.101.200])
	by mx1.freebsd.org (Postfix) with ESMTP id E51BA8FC24
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 17 May 2011 21:13:11 +0000 (UTC)
Received: (qmail 26603 invoked by uid 10); 17 May 2011 21:13:10 -0000
Received: from kta1c10 by isilmar.linta.de with BSMTP; 17 May 2011 21:13:10 -0000
Received: by kta1c10.sesnet.soton.ac.uk (Postfix, from userid 1001)
	id B4D2639834; Tue, 17 May 2011 22:13:02 +0100 (BST)
Message-Id: <20110517211302.B4D2639834@kta1c10.sesnet.soton.ac.uk>
Date: Tue, 17 May 2011 22:13:02 +0100 (BST)
From: Klaus Aehlig <aehlig@linta.de>
Reply-To: Klaus Aehlig <aehlig@linta.de>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [maintainer] misc/findutils fix usage of su(1) in gupdatedb
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         157129
>Category:       ports
>Synopsis:       [maintainer] misc/findutils fix usage of su(1) in gupdatedb
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    culot
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 17 21:20:08 UTC 2011
>Closed-Date:    Fri May 20 12:21:10 UTC 2011
>Last-Modified:  Fri May 20 12:30:13 UTC 2011
>Originator:     Klaus Aehlig
>Release:        FreeBSD 8.2-STABLE amd64
>Organization:
>Environment:
System: FreeBSD kta1c10.sesnet.soton.ac.uk 8.2-STABLE FreeBSD 8.2-STABLE #1: Tue Apr 19 17:22:20 BST 2011 root@kta1c10.sesnet.soton.ac.uk:/usr/obj/usr/src/sys/KTA1C10 amd64

>Description:
	misc/findutils brings a script gupdatedb to update the database for glocate.
        To support restricting the database to only contain files readable by a specific
        user (in order to avoid leaking sensitive information from the file structure)
        su(1) is used to call gfind(1). However, the assumption about how to call su(1)
        differs from su(1) as provided by FreeBSD. This has the effect that su(1) fails
        (resulting in an empty database) when a user with nologin as login shell
        is used, like the nobody user.

>How-To-Repeat:
	/usr/local/bin/gupdatedb --localuser=nobody
>Fix:

	add the following patch to the files subdirectory of the port
        and bump PORTREVISION.

--- patch-locate__updatedb.sh begins here ---
--- locate/updatedb.sh.orig	2011-04-03 23:53:12.000000000 +0100
+++ locate/updatedb.sh	2011-05-17 18:20:29.000000000 +0100
@@ -250,7 +250,7 @@
 if test -n "$SEARCHPATHS"; then
   if [ "$LOCALUSER" != "" ]; then
     # : A1
-    su $LOCALUSER `select_shell $LOCALUSER` -c \
+    su -m $LOCALUSER -c \
     "$find $SEARCHPATHS $FINDOPTIONS \
      \\( $prunefs_exp \
      -type d -regex '$PRUNEREGEX' \\) -prune -o $print_option"
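
Review bot: `su -m` on the line under `# : A1` leaves the caller's environment unmodified, so the find command run as $LOCALUSER inherits the invoking user's environment (HOME, PATH and anything else that is set) rather than a clean one. A short comment above the call would make the trade-off explicit: -m is used because FreeBSD's su(1) otherwise starts the target user's login shell, which fails for accounts with nologin such as nobody. If the inherited environment is not wanted, reset it before the call.
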
@@ -266,7 +266,7 @@
 myuid=`getuid`
 if [ "$myuid" = 0 ]; then
     # : A3
-    su $NETUSER `select_shell $NETUSER` -c \
+    su -m $NETUSER -c \
      "$find $NETPATHS $FINDOPTIONS \\( -type d -regex '$PRUNEREGEX' -prune \\) -o $print_option" ||
     exit $?
   else
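
Review bot: In the `# : A3` branch the `-c` string is now parsed by the invoking user's login shell instead of one picked with `select_shell $NETUSER`, because FreeBSD's `su -m` runs the caller's shell. The string depends on sh-style escaping (`\\( -type d -regex '$PRUNEREGEX' -prune \\)`), so please confirm the command still parses under the shell root actually uses on the target systems, and record the expected shell in the patch or the commit log.
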
@@ -319,7 +319,7 @@
 if test -n "$SEARCHPATHS"; then
   if [ "$LOCALUSER" != "" ]; then
     # : A5
-    su $LOCALUSER `select_shell $LOCALUSER` -c \
+    su -m $LOCALUSER -c \
     "$find $SEARCHPATHS $FINDOPTIONS \
      \( $prunefs_exp \
      -type d -regex '$PRUNEREGEX' \) -prune -o $print_option" || exit $?
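
Review bot: `$LOCALUSER` is expanded unquoted in `su -m $LOCALUSER -c \` under `# : A5`. The value comes from the command line (`--localuser=nobody` in How-To-Repeat), so an empty-looking or multi-word value is word-split, and one starting with `-` is read by su as an option. Suggest `su -m "$LOCALUSER" -c` here and at A1, plus a check that the name is a plain account name before it reaches su.
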
@@ -335,7 +335,7 @@
   myuid=`getuid`
   if [ "$myuid" = 0 ]; then
     # : A7
-    su $NETUSER `select_shell $NETUSER` -c \
+    su -m $NETUSER -c \
      "$find $NETPATHS $FINDOPTIONS \\( -type d -regex '$PRUNEREGEX' -prune \\) -o $print_option" ||
     exit $?
   else
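
Review bot: With this hunk the `select_shell` call is gone from all four sites (A1, A3, A5, A7), and the patch file carries no header explaining why. If nothing else in updatedb.sh calls `select_shell`, its definition is now dead code and should be removed in the same patch or flagged. A one-line comment at the top of patch-locate__updatedb.sh stating that the change is specific to FreeBSD's su(1) would also help whoever next updates the port.
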
--- patch-locate__updatedb.sh ends here ---


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->culot 
Responsible-Changed-By: culot 
Responsible-Changed-When: Fri May 20 12:07:22 UTC 2011 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=157129 
State-Changed-From-To: open->closed 
State-Changed-By: culot 
State-Changed-When: Fri May 20 12:21:08 UTC 2011 
State-Changed-Why:  
Committed. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=157129 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/157129: commit references a PR
Date: Fri, 20 May 2011 12:21:03 +0000 (UTC)

 culot       2011-05-20 12:20:54 UTC
 
   FreeBSD ports repository
 
   Modified files:
     misc/findutils       Makefile 
   Added files:
     misc/findutils/files patch-locate__updatedb.sh 
   Log:
   - Add a patch to fix usage of su(1) in the gupdatedb script provided
     with findutils
   - Bump PORTREVISION
   
   PR:             ports/157129
   Submitted by:   Klaus Aehlig <aehlig@linta.de> (maintainer)
   
   Revision  Changes    Path
   1.45      +1 -0      ports/misc/findutils/Makefile
   1.1       +38 -0     ports/misc/findutils/files/patch-locate__updatedb.sh (new)
 
>Unformatted:
