Bug 222572 - mail/rainloop fails to set required permissions in data directory
Summary: mail/rainloop fails to set required permissions in data directory
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: freebsd-ports-bugs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-09-24 19:29 UTC by Palle Girgensohn
Modified: 2017-09-25 16:22 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (loic.blot)


Attachments
fix ownership of data directory and installed files (1.94 KB, patch)
2017-09-24 19:29 UTC, Palle Girgensohn
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Palle Girgensohn freebsd_committer 2017-09-24 19:29:03 UTC
Created attachment 186680 [details]
fix ownership of data directory and installed files

The two rainloop ports fail to set the required ownership on its data directory. The directory is created with ownership set to root. rainloop wants to write there as thw web server user.

Also, it sets the owner of all the php program files to the web user, which is not necessary and could be a potentials security problem. 

The suggested patch modifies this behaviour. Is it OK to commit?

Palle
Comment 1 loic.blot 2017-09-25 10:34:44 UTC
Comment on attachment 186680 [details]
fix ownership of data directory and installed files

Hello,

thanks for your patch.

is this possible to make EMPTY and VERSION owned by root ?

Also, why index.php is written by www-data, this is a possible security problem
Comment 2 Palle Girgensohn freebsd_committer 2017-09-25 13:03:21 UTC
Ah yes, you're right, they should all be owned by root.

Just change to this?


+%%WWWDIR%%/data/EMPTY
+%%WWWDIR%%/data/VERSION
+%%WWWDIR%%/index.php
+@owner %%WWWOWN%%
+@group %%WWWGRP%%
+@dir %%WWWDIR%%/data
Comment 3 loic.blot 2017-09-25 13:06:43 UTC
Yes, please use this syntax :)
Comment 4 Palle Girgensohn freebsd_committer 2017-09-25 16:07:12 UTC
excellent. I'll fix and commit.
Comment 5 commit-hook freebsd_committer 2017-09-25 16:21:54 UTC
A commit references this bug:

Author: girgen
Date: Mon Sep 25 16:21:23 UTC 2017
New revision: 450621
URL: https://svnweb.freebsd.org/changeset/ports/450621

Log:
  Make sure we don't install program files as the web user

  It is sufficient that the data directory is writable.

  PR:		222572
  Approved by:	maintainer

Changes:
  head/mail/rainloop/Makefile
  head/mail/rainloop/pkg-plist
  head/mail/rainloop-community/pkg-plist