Bug 203287

Summary: security/maia: fix permissions handling
Product: Ports & Packages Reporter: Dmitry Marakasov <amdmi3>
Component: Individual Port(s)Assignee: Dmitry Marakasov <amdmi3>
Status: Closed FIXED    
Severity: Affects Many People CC: ek
Priority: --- Flags: bugzilla: maintainer-feedback? (ek)
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
Patch
none
Patch to remove CHOWN in Makefile and adjust permissions in www dir. none

Description Dmitry Marakasov freebsd_committer freebsd_triage 2015-09-23 16:25:37 UTC 
Created attachment 161309 [details]
Patch

maia chowns its WWWDIR from Makefile. This is broken - owner should be set from pkg-plist. The patch fixes this.

Actually though, WWWDIR (apart from directories which require write access) should not be owned by www at all and this is a security problem.
Comment 1 commit-hook freebsd_committer freebsd_triage 2015-10-08 13:20:39 UTC 
A commit references this bug:

Author: amdmi3
Date: Thu Oct  8 13:19:42 UTC 2015
New revision: 398821
URL: https://svnweb.freebsd.org/changeset/ports/398821

Log:
  - Move file owner handling to plist, fix stage as non-root

  PR:		203287
  Submitted by:	amdmi3
  Approved by:	maintainer timeout (ek@purplehat.org, 2 weeks)

Changes:
  head/security/maia/Makefile
  head/security/maia/pkg-plist
Comment 2 ek 2015-10-08 14:40:22 UTC 
Created attachment 161828 [details]
Patch to remove CHOWN in Makefile and adjust permissions in www dir.
Comment 3 ek 2015-10-08 14:41:23 UTC 
Thanks for pointing this out Dmitry. I've applied your patch as well as removed the group and ownership changes in the www directory that aren't needed.