Bug 203198 - mail/ecartis: fix build from plain user, revisit plist perms
Status: Closed Feedback Timeout
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Dmitry Marakasov
Reported: 2015-09-18 17:44 UTC by Dmitry Marakasov
Modified: 2016-06-05 03:39 UTC
bugzilla: maintainer-feedback? (jtrigg)


Attachments
Patch for [1] (2.74 KB, patch)
2015-09-18 17:44 UTC, Dmitry Marakasov
Description Dmitry Marakasov freebsd_committer 2015-09-18 17:44:51 UTC
Created attachment 161173
Patch for [1]

- Fix build from plain user; don't set set[ug]id bits from install, set them via plist [1]
- Plist should be revisited: only directories/files which are intended to be modified by ecartis process should be owned by ecartis:ecartis. Otherwise it's a security problem.
Comment 1 Jim Trigg 2015-10-01 15:46:09 UTC
Approved by maintainer.
Comment 2 commit-hook freebsd_committer 2015-10-01 17:31:43 UTC
A commit references this bug:

Author: amdmi3
Date: Thu Oct  1 17:31:34 UTC 2015
New revision: 398374
URL: https://svnweb.freebsd.org/changeset/ports/398374

Log:
  - Fix build from plain user; don't set set[ug]id bits from install, set them via plist

  PR:		203198
  Submitted by:	amdmi3
  Approved by:	jtrigg@ecartis.net (maintainer)

Changes:
  head/mail/ecartis/files/patch-Makefile
  head/mail/ecartis/pkg-plist
Comment 3 Dmitry Marakasov freebsd_committer 2015-10-01 17:32:57 UTC
Patch committed, but you still need to fix plist: only directories or files which need to be writable should be owned by ecartis.
Comment 4 Dmitry Marakasov freebsd_committer 2015-11-24 14:51:28 UTC
Any news on this?
Comment 5 Jim Trigg 2016-06-05 03:39:49 UTC
Yes, the entire /usr/local/ecartis directory structure needs to be owned by the ecartis user as ecartis is currently written. It is a matter for upstream (which I also am, but this is significantly lower on the priority list than some other issues).
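
An audit for the ownership concern raised in this bug, added here as an example and not part of the port, the patch, or the thread: it lists set[ug]id and other executable files under a tree that a given account owns. The function name `audit_owned_exec` and the output labels are made up for illustration.

```shell
#!/bin/sh
# Added example: list files under TREE that USER owns and that other users
# may execute. The owner of a file can always rewrite it and chmod it, so a
# compromised process running as USER can change what these files do.
#   SETID  set[ug]id file owned by USER
#   EXEC   any other executable file owned by USER
# Assumes file names contain no newlines.
audit_owned_exec() {
    tree=$1
    user=$2   # login name or numeric uid, as accepted by find -user

    # Files carrying the setuid or setgid bit.
    find "$tree" -type f -user "$user" \
        \( -perm -4000 -o -perm -2000 \) -print | sed 's/^/SETID /'

    # Remaining files with any execute bit set.
    find "$tree" -type f -user "$user" \
        ! -perm -4000 ! -perm -2000 \
        \( -perm -0100 -o -perm -0010 -o -perm -0001 \) -print | sed 's/^/EXEC /'
}

# Typical call, using the tree and account named in this bug:
#   audit_owned_exec /usr/local/ecartis ecartis
```

Anything the audit prints that the service does not need to modify at run time is a candidate for a different owner in the plist.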