From edwin@mavetju.org  Thu Sep 18 05:36:00 2003
Return-Path: <edwin@mavetju.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9CDB216A4B3
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 18 Sep 2003 05:36:00 -0700 (PDT)
Received: from mag.barnet.com.au (mag.barnet.com.au [218.185.88.3])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5F6FB43FCB
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 18 Sep 2003 05:35:59 -0700 (PDT)
	(envelope-from edwin@mavetju.org)
Received: from extmail.barnet.com.au (tim.direct.int.barnet.com.au [10.10.10.2])
	by mag.barnet.com.au (Postfix) with ESMTP id 682ECF5A
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 18 Sep 2003 22:35:56 +1000 (EST)
Received: from k7.mavetju (tim.barnet.com.au [218.185.88.1])
	by extmail.barnet.com.au (Postfix) with ESMTP id 2D0751E13
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 18 Sep 2003 22:35:55 +1000 (EST)
Received: by k7.mavetju (Postfix, from userid 1001)
	id 24E3F6A7101; Thu, 18 Sep 2003 22:35:54 +1000 (EST)
Message-Id: <20030918123554.24E3F6A7101@k7.mavetju>
Date: Thu, 18 Sep 2003 22:35:54 +1000 (EST)
From: Edwin Groothuis <edwin@mavetju.org>
Reply-To: Edwin Groothuis <edwin@mavetju.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: unprivileged user, extracting of tarballs and pre-install
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         56980
>Category:       ports
>Synopsis:       unprivileged user, extracting of tarballs and pre-install
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    portmgr
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Sep 18 05:40:09 PDT 2003
>Closed-Date:    Thu Jan 03 12:37:19 UTC 2008
>Last-Modified:  Thu Jan 03 12:37:19 UTC 2008
>Originator:     Edwin Groothuis
>Release:        FreeBSD 4.8-RELEASE i386
>Organization:
-
>Environment:
System: FreeBSD k7.mavetju 4.8-RELEASE FreeBSD 4.8-RELEASE #0: Sun Aug 17 16:04:25 EST 2003 edwin@k7.mavetju:/usr/src/sys/compile/k7 i386

>Description:

Somewhere this winter (southern hemisphere :-) a new feature was
enabled which allowed building of ports without being root, it would
su to a priviledge user before the actual install.

There are two problems with the current implementation:

- the pre-install target isn't done as priviledged user, but
  post-install is.

- tarballs with files in it with non-normal permissions (2775 for
  example, see x11-fonts/font-config) are completely extracted but
  will exit with an error value of non-zero, causing make(1) to
  fail.

>How-To-Repeat:

- Check the output of "make -n install"

- As a non-root user, try to "make extract" of x11-fonts/font-config.

>Fix:

None. Purely informative.
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->portmgr  
Responsible-Changed-By: krion 
Responsible-Changed-When: Sun Nov 16 07:45:04 PST 2003 
Responsible-Changed-Why:  
portmgr profile 

http://www.freebsd.org/cgi/query-pr.cgi?pr=56980 
State-Changed-From-To: open->suspended 
State-Changed-By: kris 
State-Changed-When: Sat Jun 5 21:23:47 PDT 2004 
State-Changed-Why:  
Suspended awaiting fix 

http://www.freebsd.org/cgi/query-pr.cgi?pr=56980 

From: Edwin Groothuis <edwin@mavetju.org>
To: FreeBSD Gnats Submit <freebsd-gnats-submit@freebsd.org>
Cc:  
Subject: Re: ports/56980: unprivileged user, extracting of tarballs and pre-install
Date: Sun, 6 Jun 2004 14:43:56 +1000

 On Sat, Jun 05, 2004 at 09:23:59PM -0700, Kris Kennaway wrote:
 > Synopsis: unprivileged user, extracting of tarballs and pre-install
 > Suspended awaiting fix
  
 --- bsd.port.mk 31 May 2004 18:07:57 -0000      1.490
 +++ bsd.port.mk 6 Jun 2004 04:43:11 -0000
 @@ -869,6 +869,10 @@
  XARGS?=                /usr/bin/xargs
  YACC?=         /usr/bin/yacc
  
 +.if !defined(UID)
 +UID!=  ${ID} -u
 +.endif
 +
  # ECHO is defined in /usr/share/mk/sys.mk, which can either be "echo",
  # or "true" if the make flag -s is given.  Use ECHO_CMD where you mean
  # the echo command.
 @@ -1695,6 +1699,11 @@
  .else
  TAR?=  /usr/bin/tar
  .endif
 +.if ${UID} == 0
 +TAR_ARGS?=     -xf -
 +.else
 +TAR_ARGS?=     -xf --no-preserve-permissions -
 +.endif
  
  # EXTRACT_SUFX is defined in .pre.mk section
  .if defined(USE_ZIP)
 @@ -1703,7 +1712,7 @@
  EXTRACT_AFTER_ARGS?=   -d ${WRKDIR}
  .else
  EXTRACT_BEFORE_ARGS?=  -dc
 -EXTRACT_AFTER_ARGS?=   | ${TAR} -xf -
 +EXTRACT_AFTER_ARGS?=   | ${TAR} ${TAR_ARGS}
  .if defined(USE_BZIP2)
  EXTRACT_CMD?=                  ${BZIP2_CMD}
  .else
 @@ -1731,9 +1740,6 @@
  MTREE_ARGS?=   -U ${MTREE_FOLLOWS_SYMLINKS} -f ${MTREE_FILE} -d -e -p
  
  # Determine whether or not we can use rootly owner/group functions.
 -.if !defined(UID)
 -UID!=  ${ID} -u
 -.endif
  .if ${UID} == 0
  _BINOWNGRP=    -o ${BINOWN} -g ${BINGRP}
  _SHROWNGRP=    -o ${SHAREOWN} -g ${SHAREGRP}
 
 -- 
 Edwin Groothuis      |            Personal website: http://www.mavetju.org
 edwin@mavetju.org    |          Weblog: http://weblog.barnet.com.au/edwin/

From: Kris Kennaway <kris@obsecurity.org>
To: Edwin Groothuis <edwin@mavetju.org>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: ports/56980: unprivileged user, extracting of tarballs and pre-install
Date: Wed, 14 Jul 2004 01:11:58 -0700

 On Sat, Jun 05, 2004 at 09:50:29PM -0700, Edwin Groothuis wrote:
 > The following reply was made to PR ports/56980; it has been noted by GNATS.
 > 
 > From: Edwin Groothuis <edwin@mavetju.org>
 > To: FreeBSD Gnats Submit <freebsd-gnats-submit@freebsd.org>
 > Cc:  
 > Subject: Re: ports/56980: unprivileged user, extracting of tarballs and pre-install
 > Date: Sun, 6 Jun 2004 14:43:56 +1000
 > 
 >  On Sat, Jun 05, 2004 at 09:23:59PM -0700, Kris Kennaway wrote:
 >  > Synopsis: unprivileged user, extracting of tarballs and pre-install
 >  > Suspended awaiting fix
 >   
 >  --- bsd.port.mk 31 May 2004 18:07:57 -0000      1.490
 >  +++ bsd.port.mk 6 Jun 2004 04:43:11 -0000
 >  @@ -869,6 +869,10 @@
 >   XARGS?=                /usr/bin/xargs
 >   YACC?=         /usr/bin/yacc
 >   
 >  +.if !defined(UID)
 >  +UID!=  ${ID} -u
 >  +.endif
 >  +
 >   # ECHO is defined in /usr/share/mk/sys.mk, which can either be "echo",
 >   # or "true" if the make flag -s is given.  Use ECHO_CMD where you mean
 >   # the echo command.
 >  @@ -1695,6 +1699,11 @@
 >   .else
 >   TAR?=  /usr/bin/tar
 >   .endif
 >  +.if ${UID} == 0
 >  +TAR_ARGS?=     -xf -
 >  +.else
 >  +TAR_ARGS?=     -xf --no-preserve-permissions -
 >  +.endif
 
 You can't have tested this, because this patch contains two syntax
 errors (one pointed out by eik: you add the longopt where the file
 argument should be; and you use a nonexistent tar option).
 
 Also, I can't find evidence of this fixing something; the fontconfig
 tarball no longer seems to contain a setuid file, but I created such a
 tar archive myself and had no problems extracting it as an ordinary
 user.  I'm leaving this suspended for now.
 
 Kris

From: Edwin Groothuis <edwin@mavetju.org>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: ports/56980: unprivileged user, extracting of tarballs and pre-install
Date: Mon, 19 Jul 2004 18:33:21 +1000

 It seems that sysutils/gkrellm2 now has the problem:
 
 ===>  Extracting for gkrellm-2.2.1
 >> Checksum OK for gkrellm-2.2.1.tar.bz2.
 /usr/bin/tar: gkrellm-2.2.1/pixmaps/volume: Cannot change mode to 02777: Operation not permitted
 /usr/bin/tar: gkrellm-2.2.1/pixmaps/sensors: Cannot change mode to 02755: Operat
 [...]
 /usr/bin/tar: gkrellm-2.2.1: Cannot change mode to 02755: Operation not permitted
 /usr/bin/tar: Error exit delayed from previous errors
 *** Error code 1
 
 So the right syntax is --no-same-permissions, and the patch should have been:
 
  --- bsd.port.mk 31 May 2004 18:07:57 -0000      1.490
  +++ bsd.port.mk 6 Jun 2004 04:43:11 -0000
  @@ -869,6 +869,10 @@
   XARGS?=                /usr/bin/xargs
   YACC?=         /usr/bin/yacc
   
  +.if !defined(UID)
  +UID!=  ${ID} -u
  +.endif
  +
   # ECHO is defined in /usr/share/mk/sys.mk, which can either be "echo",
   # or "true" if the make flag -s is given.  Use ECHO_CMD where you mean
   # the echo command.
  @@ -1695,6 +1699,11 @@
   .else
   TAR?=  /usr/bin/tar
   .endif
  +.if ${UID} == 0
  +TAR_ARGS?=     -xf -
  +.else
  +TAR_ARGS?=     --no-same-permissions -xf -
  +.endif
   
   # EXTRACT_SUFX is defined in .pre.mk section
   .if defined(USE_ZIP)
  @@ -1703,7 +1712,7 @@
   EXTRACT_AFTER_ARGS?=   -d ${WRKDIR}
   .else
   EXTRACT_BEFORE_ARGS?=  -dc
  -EXTRACT_AFTER_ARGS?=   | ${TAR} -xf -
  +EXTRACT_AFTER_ARGS?=   | ${TAR} ${TAR_ARGS}
   .if defined(USE_BZIP2)
   EXTRACT_CMD?=                  ${BZIP2_CMD}
   .else
  @@ -1731,9 +1740,6 @@
   MTREE_ARGS?=   -U ${MTREE_FOLLOWS_SYMLINKS} -f ${MTREE_FILE} -d -e -p
   
   # Determine whether or not we can use rootly owner/group functions.
  -.if !defined(UID)
  -UID!=  ${ID} -u
  -.endif
   .if ${UID} == 0
   _BINOWNGRP=    -o ${BINOWN} -g ${BINGRP}
   _SHROWNGRP=    -o ${SHAREOWN} -g ${SHAREGRP}
  
 
 
 -- 
 Edwin Groothuis      |            Personal website: http://www.mavetju.org
 edwin@mavetju.org    |          Weblog: http://weblog.barnet.com.au/edwin/
State-Changed-From-To: suspended->feedback 
State-Changed-By: linimon 
State-Changed-When: Wed May 16 21:41:43 UTC 2007 
State-Changed-Why:  
Discuss among portmgr leads us to speculate that this problem is now moot 
that we have switched to bsdtar.  Can the submitter confirm this? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=56980 
State-Changed-From-To: feedback->open 
State-Changed-By: edwin 
State-Changed-When: Wed May 16 21:47:51 UTC 2007 
State-Changed-Why:  
Tarballs with the earlier symptons don't show this behaviour anymore. 

But... (the first one is extracted as root, the second one as edwin) 

[/usr/ports/sysutils/gkrellm2] edwin@k7>ls -al work/gkrellm-2.2.10 | grep pixmaps 
drwxr-xr-x  18 root  wheel   1024 Apr 18  2002 pixmaps 


[/usr/ports/sysutils/gkrellm2] edwin@k7>ls -al work.new/gkrellm-2.2.10 | grep pixmap 
drwxr-sr-x  18 edwin  wheel   1024 Apr 18  2002 pixmaps 

I don't know if the groups s flag is important, if considered not 
then this PR can be closed. 



http://www.freebsd.org/cgi/query-pr.cgi?pr=56980 
State-Changed-From-To: open->closed 
State-Changed-By: pav 
State-Changed-When: Thu Jan 3 12:35:01 UTC 2008 
State-Changed-Why:  
"this PR can be closed." Do so. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=56980 
>Unformatted:
