jabber-pymsn-transport.sh doesn't default execution of the transport to the "jabber" user. This is a potential security hazard as the transport can execute as root. Fix: Add ': ${jabber_pymsn_user="jabber"}" to the startup script NOTE: The port, incorrectly, sets permissions of 0700 on directories under /usr/local/lib/jabber/pymsn/ This effectively prevents running the transport as a non-root user and needs to be fixed before the port can be made more secure. How-To-Repeat: Execute "/usr/local/etc/rc.d/jabber-pymsn-transport.sh start" as root
Responsible Changed From-To: freebsd-ports-bugs->garga Over to maintainer
There is also a problem with file permissions in /usr/local/lib/jabber/pymsn/ when executing as non-root. The port seems to use a recursive copy with permissions preservation to install files. This leaves directory and file permissions the same as in the source tarball and they appear to be non-typical e.g. 0600 for some files.
State Changed From-To: open->closed Committed. Thanks!