I install /comms/minicom with /comms/lrzsz. When I try to send file on zmodem through minicom, I see this message: lsz: this program was never intended to be used setuid Fix: set suid bit on /usr/local/bin/lsz and /usr/local/bon/lrz
Responsible Changed From-To: freebsd-ports-bugs->dinoex Over to maintainer (via the GNATS Auto Assign Tool)
State Changed From-To: open->feedback The port does not set suid. -r-xr-xr-x 3 root wheel 75540 Jun 3 03:11 /usr/local/bin/lrb* -r-xr-xr-x 3 root wheel 75540 Jun 3 03:11 /usr/local/bin/lrx* -r-xr-xr-x 3 root wheel 75540 Jun 3 03:11 /usr/local/bin/lrz* -r-xr-xr-x 3 root wheel 79732 Jun 3 03:11 /usr/local/bin/lsb* -r-xr-xr-x 3 root wheel 79732 Jun 3 03:11 /usr/local/bin/lsx* -r-xr-xr-x 3 root wheel 79732 Jun 3 03:11 /usr/local/bin/lsz* Please check your installation.
State Changed From-To: feedback->analyzed This must be your minicom setup. The code in lsr/lsrz is: if (getuid()!=geteuid()) { error(1,0, _("this program was never intended to be used setuidn")); } Setting suid in lrz is really a bad idea. Any user would be able to overwrite /etc/master_passwd and otehr system files. I will not set lrz/lsz SUID.
State Changed From-To: analyzed->closed Feedback timeout. Solution: Use groups to give access to the serial devies. for example: pw usermod minicomuser -g dialer
The problem still exists and the solution proposed in comment #4 won't work [without additional changes]. However the solution proposed in the original report is not correct too. The problem is not with an individual minicom configuration, but with the port itself. It installs the executable like this: -r-s--x--x 1 uucp dialer 190304 14 May 10:51 /usr/local/bin/minicom That means that euid is that of uucp and hence the complaint. I think that the real solution would be to install _minicom_ with the setuid bit. Then doing what Dirk suggested will help. And I think that that's the way to do it.
The default permissions group "dialer" works well to allow any normal user to access a modem. $ ls -l /dev/cuaU0* crw-rw---- 1 uucp dialer 0x72 2 Juli 06:30 /dev/cuaU0 crw-rw---- 1 uucp dialer 0x73 22 Juni 23:01 /dev/cuaU0.init crw-rw---- 1 uucp dialer 0x74 22 Juni 23:01 /dev/cuaU0.lock $ ls -ld /var/spool/lock/ drwxrwxr-x 2 uucp dialer 4 2 Juli 06:24 /var/spool/lock// My proposed solution: install _minicom_ without the setuid bit. Add the executing user to the group "dialer" for example: chmod 555 /usr/local/bin/minicom pw usermod "useraccount" -g dialer
(In reply to Dirk Meyer from comment #6) Yes, I completely agree.
Maintainer reset.
A commit references this bug: Author: dinoex Date: Tue Feb 4 11:10:22 UTC 2020 New revision: 525148 URL: https://svnweb.freebsd.org/changeset/ports/525148 Log: - remove SUID bit, users must be added to group dialer PR: 149462 - update MASTER_SITES - make portlint happier Changes: head/comms/minicom/Makefile head/comms/minicom/files/patch-minirc.dfl head/comms/minicom/files/patch-src-minicom.h head/comms/minicom/files/patch-src-script.c head/comms/minicom/files/patch-src-updown.c head/comms/minicom/files/patch-src-window.c head/comms/minicom/files/patch-sysdep1.c head/comms/minicom/pkg-plist
minicom port was updated
(In reply to commit-hook from comment #9) Hi Dirk, A similar patch was pending since 2018, so happy to see you handled this. Could you also close-FIXED Bug 230753? It seems you forgot to bump PORTREVISION. Moreover, minicom's binary has now owner set to root:wheel, so there may be an omission based on your instruction "users must be added to group dialer".
(In reply to Samy Mahmoudi from comment #11) Please ignore the part related to ownership: the device files have proper owner so it does not seem necessary to change minicom's binary ownership.