FreeBSD Bugzilla – Attachment 29447 Details for
Bug 49969
Check port install for world-writable files/dirs
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
file.diff
file.diff (text/plain), 1.93 KB, created by
Arjan de Vet
on 2003-03-12 22:10:03 UTC
(
hide
)
Description:
file.diff
Filename:
MIME Type:
Creator:
Arjan de Vet
Created:
2003-03-12 22:10:03 UTC
Size:
1.93 KB
patch
obsolete
>Index: bsd.port.mk >=================================================================== >RCS file: /home/freebsd/CVS/ports/Mk/bsd.port.mk,v >retrieving revision 1.441 >diff -u -u -w -r1.441 bsd.port.mk >--- bsd.port.mk 2 Mar 2003 02:06:56 -0000 1.441 >+++ bsd.port.mk 12 Mar 2003 21:35:00 -0000 >@@ -2912,11 +2912,10 @@ > # 2. accept()/recvfrom() which indicates network listening capability > # 3. insecure functions (gets/mktemp/tempnam/[XXX]) > # 4. startup scripts, in conjunction with 2. >-# >-# TODO: world-writable files/dirs >+# 5. world-writable files/dirs > # > -@rm -f ${WRKDIR}/.PLIST.setuid ${WRKDIR}/.PLIST.stupid \ >- ${WRKDIR}/.PLIST.network; \ >+ ${WRKDIR}/.PLIST.network ${WRKDIR}/.PLIST.writable; \ > if [ -n "$$PORTS_AUDIT" ]; then \ > stupid_functions_regexp=' (gets|mktemp|tempnam|tmpnam|strcpy|strcat|sprintf)$$'; \ > else \ >@@ -2950,9 +2949,14 @@ > fi; \ > fi; \ > fi; \ >+ if [ ! -L "${PREFIX}/$$i" ]; then \ >+ if [ -n "`/usr/bin/find ${PREFIX}/$$i -prune -perm -0002 2>/dev/null`" ]; then \ >+ echo ${PREFIX}/$$i >> ${WRKDIR}/.PLIST.writable; \ >+ fi; \ >+ fi; \ > done; \ > ${GREP} '^etc/rc.d/' ${TMPPLIST} > ${WRKDIR}/.PLIST.startup; \ >- if [ -s ${WRKDIR}/.PLIST.setuid -o -s ${WRKDIR}/.PLIST.network ]; then \ >+ if [ -s ${WRKDIR}/.PLIST.setuid -o -s ${WRKDIR}/.PLIST.network -o -s ${WRKDIR}/.PLIST.writable ]; then \ > if [ -n "$$PORTS_AUDIT" ]; then \ > echo "===> SECURITY REPORT (PARANOID MODE): "; \ > else \ >@@ -2976,6 +2980,11 @@ > echo; \ > fi; \ > fi; \ >+ if [ -s ${WRKDIR}/.PLIST.writable ] ; then \ >+ echo " This port has installed the following world-writable files/directories."; \ >+ ${CAT} ${WRKDIR}/.PLIST.writable; \ >+ echo; \ >+ fi; \ > echo " If there are vulnerabilities in these programs there may be a security"; \ > echo " risk to the system. FreeBSD makes no guarantee about the security of"; \ > echo " ports included in the Ports Collection. Please type 'make deinstall'"; \
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=29447">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 49969
: 29447