Bug 203198 - mail/ecartis: fix build from plain user, revisit plist perms
Summary: mail/ecartis: fix build from plain user, revisit plist perms
Status: Closed Feedback Timeout
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Dmitry Marakasov
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-09-18 17:44 UTC by Dmitry Marakasov
Modified: 2016-06-05 03:39 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (jtrigg)

Attachments
Patch for [1] (2.74 KB, patch)
2015-09-18 17:44 UTC, Dmitry Marakasov 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Dmitry Marakasov freebsd_committer freebsd_triage 2015-09-18 17:44:51 UTC 
Created attachment 161173 [details]
Patch for [1]

- Fix build from plain user; don'r set set[ug]id bits from install, set them via plist [1]
- Plist should be revisited: only directories/files which are intended to be modified by ecartis process should be owned by ecartis:ecartis. Otherwise it's a security problem.
Comment 1 Jim Trigg 2015-10-01 15:46:09 UTC 
Approved by maintainer.
Comment 2 commit-hook freebsd_committer freebsd_triage 2015-10-01 17:31:43 UTC 
A commit references this bug:

Author: amdmi3
Date: Thu Oct  1 17:31:34 UTC 2015
New revision: 398374
URL: https://svnweb.freebsd.org/changeset/ports/398374

Log:
  - Fix build from plain user; don'r set set[ug]id bits from install, set them via plist

  PR:		203198
  Submitted by:	amdmi3
  Approved by:	jtrigg@ecartis.net (maintainer)

Changes:
  head/mail/ecartis/files/patch-Makefile
  head/mail/ecartis/pkg-plist
Comment 3 Dmitry Marakasov freebsd_committer freebsd_triage 2015-10-01 17:32:57 UTC 
Patch committed, but you still need to fix plist: only directories or files which need to be writable should be owned by ecartis.
Comment 4 Dmitry Marakasov freebsd_committer freebsd_triage 2015-11-24 14:51:28 UTC 
Any news on this?
Comment 5 Jim Trigg 2016-06-05 03:39:49 UTC 
Yes, the entire /usr/local/ecartis directory structure needs to be owned by the ecartis user as ecartis is currently written. It is a matter for upstream (which I also am, but this is significantly lower on the priority list than some other issues).