From andrews@freebsd.syd.ntt.net.au  Thu Feb 19 21:34:04 2004
Return-Path: <andrews@freebsd.syd.ntt.net.au>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id EDE6B16A535
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 19 Feb 2004 21:34:04 -0800 (PST)
Received: from freebsd.syd.ntt.net.au (freebsd.syd.ntt.net.au [203.111.7.4])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7275A43D1F
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 19 Feb 2004 21:34:04 -0800 (PST)
	(envelope-from andrews@freebsd.syd.ntt.net.au)
Received: from freebsd.syd.ntt.net.au (localhost [127.0.0.1])
	by freebsd.syd.ntt.net.au (8.12.8p1/8.12.8) with ESMTP id i1K5Y2OR068031
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 20 Feb 2004 16:34:02 +1100 (EST)
	(envelope-from andrews@freebsd.syd.ntt.net.au)
Received: (from andrews@localhost)
	by freebsd.syd.ntt.net.au (8.12.8p1/8.12.8/Submit) id i1K5Y2pk068030;
	Fri, 20 Feb 2004 16:34:02 +1100 (EST)
Message-Id: <200402200534.i1K5Y2pk068030@freebsd.syd.ntt.net.au>
Date: Fri, 20 Feb 2004 16:34:02 +1100 (EST)
From: Andrew <andrew@ugh.net.au>
Reply-To: Andrew <andrew@ugh.net.au>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: bsd.port.mk warns that symlinks are world writeable
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         63112
>Category:       ports
>Synopsis:       [patch] bsd.port.mk warns that symlinks are world writeable
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    portmgr
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 19 21:40:13 PST 2004
>Closed-Date:    Thu Apr 01 23:36:02 PST 2004
>Last-Modified:  Thu Apr 01 23:36:02 PST 2004
>Originator:     Andrew
>Release:        FreeBSD 4.8-RELEASE-p4 i386
>Organization:
UgH!
>Environment:
System: FreeBSD freebsd.syd.ntt.net.au 4.8-RELEASE-p18 FreeBSD 4.8-RELEASE-p18 #0: Wed Sep 10 18:31:36 EST 2003 andrews@freebsd.syd.ntt.net.au:/usr/obj/usr/src/sys/FREEBSD i386


	
>Description:

When installing a port that installs a symbolic link (such as lang/ruby16)
a warning is printed about these links in the world writeable section of
the security report. I'm not sure this is correct behaviour as that writeable
bit doesn't really mean that for symlinks (actually what do the permissions
on a symlink mean?).

>How-To-Repeat:
	
>Fix:

The below patch just excludes symlinks from the report.

--- bsd.port.mk.orig	Fri Feb 20 16:00:23 2004
+++ bsd.port.mk	Fri Feb 20 16:12:24 2004
@@ -3642,7 +3642,7 @@
 	${TR} '\n' '\0' < ${WRKDIR}/.PLIST.flattened \
 	| ${XARGS} -0 -J % ${FIND} % -prune ! -type l -type f \( -perm -4000 -o -perm -2000 \) \( -perm -0010 -o -perm -0001 \) 2> /dev/null > ${WRKDIR}/.PLIST.setuid; \
 	${TR} '\n' '\0' < ${WRKDIR}/.PLIST.flattened \
-	| ${XARGS} -0 -J % ${FIND} % -prune -perm -0002 2> /dev/null > ${WRKDIR}/.PLIST.writable; \
+	| ${XARGS} -0 -J % ${FIND} % -prune -perm -0002 \! -type l 2> /dev/null > ${WRKDIR}/.PLIST.writable; \
 	${TR} '\n' '\0' < ${WRKDIR}/.PLIST.flattened \
 	| ${XARGS} -0 -J % ${FIND} % -prune ! -type l -type f -print0 2> /dev/null \
 	| ${XARGS} -0 -n 1 /usr/bin/objdump -R 2> /dev/null > ${WRKDIR}/.PLIST.objdump; \
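
Review bot: The new test in the `.PLIST.writable` pipeline is spelled `\! -type l` and placed after `-perm -0002`, while the `.PLIST.setuid` line above and the objdump line below both write `! -type l` directly after `-prune`. Using the same spelling and position here would keep the three find invocations consistent. The change also deserves a short comment in bsd.port.mk explaining why links are skipped: find examines the link itself rather than its target, so with this exclusion a link's target mode is only checked if the target is itself listed in `.PLIST.flattened`.
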
@@ -3705,7 +3705,7 @@
 			fi; \
 		fi; \
 		if [ ! -L "${PREFIX}/$$i" ]; then \
-			if [ -n "`${FIND} ${PREFIX}/$$i -prune -perm -0002 2>/dev/null`" ]; then \
+			if [ -n "`${FIND} ${PREFIX}/$$i -prune -perm -0002 \! -type l 2>/dev/null`" ]; then \
 				 ${ECHO_CMD} ${PREFIX}/$$i >> ${WRKDIR}/.PLIST.writable; \
 			fi; \
 		fi; \
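
Review bot: The added `\! -type l` in this hunk is redundant, because the enclosing `if [ ! -L "${PREFIX}/$$i" ]` on the context line above already keeps symlinks out of this branch, so the find can never see one here. Either drop the change from this hunk or keep it only as a deliberate belt-and-braces check and say so in a comment. While this line is being touched, `${PREFIX}/$$i` inside the backticks is unquoted, unlike in the `-L` test just above it, so a path containing whitespace would be split before find sees it.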

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->portmgr  
Responsible-Changed-By: krion 
Responsible-Changed-When: Thu Feb 19 23:08:34 PST 2004 
Responsible-Changed-Why:  
portmgr business 

http://www.freebsd.org/cgi/query-pr.cgi?pr=63112 
State-Changed-From-To: open->analyzed 
State-Changed-By: kris 
State-Changed-When: Sat Mar 20 18:46:32 PST 2004 
State-Changed-Why:  
Will be tested on the next bento 4-exp run 

State-Changed-From-To: analyzed->closed 
State-Changed-By: kris 
State-Changed-When: Thu Apr 1 23:35:56 PST 2004 
State-Changed-Why:  
Committed, thanks! 

>Unformatted:
