Bug 261329 - freebsd-update IDS has nonsensical output when link permissions are wrong
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: misc
Version: 13.0-RELEASE
Hardware: Any Any
: --- Affects Some People
Assignee: freebsd-bugs (Nobody)
Reported: 2022-01-19 10:56 UTC by Martin Waschbüsch
Modified: 2022-01-19 11:03 UTC

Description Martin Waschbüsch 2022-01-19 10:56:29 UTC
If a symlink (for instance in the certificate store, but affects other stuff as well) has the wrong permissions, freebsd-update IDS will output nonsensical errors:

freebsd-update IDS
...
/etc/ssl/blacklisted/dc45b0bd.0 is a symlink, but should be a 
/etc/ssl/blacklisted/ee1365c0.0 is a symlink, but should be a 
/etc/ssl/blacklisted/f90208f7.0 is a symlink, but should be a 
...

This rather suggests that those items should not be symlinks when in fact it is the permissions that are incorrect.


Steps to reproduce:
Symlinks in /etc/ssl/blacklisted/ are supposed to have permissions of 755.

Let's deviate from that expectation:
chmod o-rwx /etc/ssl/blacklisted/*

and then run
freebsd-update IDS



PS: I came across this because "certctl rehash" apparently obeys changes to umask in login.conf. I'll create an additional PR for that (assuming that information about blacklisted certs should indeed be readable by world).
Comment 1 Martin Waschbüsch 2022-01-19 11:03:13 UTC
For the "certctl rehash" issue, see bug 261330.
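
An independent check for the condition described in this report, added here as an example; it is not part of the report and not freebsd-update code. It reports a wrong object type and a wrong mode on the link itself as separate findings, so a permission drift is not mistaken for a type change. The script name `audit_links.sh` is hypothetical.

```shell
#!/bin/sh
# Added example, not freebsd-update code. The directory and the expected
# mode 755 used in the usage line below are the ones named in the report.
# usage: sh audit_links.sh /etc/ssl/blacklisted 755

# Print the octal permission bits of the object itself; neither stat
# variant follows symlinks by default.
link_mode() {
    # GNU stat understands -c; FreeBSD stat rejects it and we fall back to -f.
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_links DIR EXPECTED_MODE: print one finding per line.
audit_links() {
    dir=$1
    want=$2
    for entry in "$dir"/*; do
        # -L also matches dangling links, which -e alone would skip.
        [ -L "$entry" ] || [ -e "$entry" ] || continue
        if [ ! -L "$entry" ]; then
            echo "$entry: wrong type, expected a symlink"
            continue
        fi
        have=$(link_mode "$entry")
        if [ "$have" != "$want" ]; then
            echo "$entry: symlink has mode $have, expected $want"
        fi
    done
    return 0
}

if [ "$#" -eq 2 ]; then
    audit_links "$1" "$2"
fi
```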