misc/47645: /etc/daily and /etc/security may use wrong pkg

Discussion:

misc/47645: /etc/daily and /etc/security may use wrong pkg_admin

u***@NetBSD.org

2013-03-14 03:30:00 UTC

Number: 47645
Category: misc
Synopsis: /etc/daily and /etc/security may use wrong pkg_admin
Confidential: no
Severity: non-critical
Priority: low
Responsible: misc-bug-people
State: open
Class: sw-bug
Submitter-Id: net
Arrival-Date: Thu Mar 14 03:30:00 +0000 2013
Originator: Valery Ushakov
Release: NetBSD 6.1

This is a follow up to security/36746, which was fixed by making
location of pkg_info binary configurable.

Since that time /etc/security started using pkg_admin, which has the
same problem. And /etc/daily also started using pkg_info and pkg_admin
with the same results.
Install pkgtools/pkg_install package.
Disable pkg_install in base (/usr/sbin) by making it non-executable.
Observe daily and security failing with:

/etc/daily: pkg_info: permission denied

/etc/security: pkg_admin: permission denied

a***@NetBSD.org

2013-05-01 05:37:36 UTC

Permalink

Synopsis: /etc/daily and /etc/security may use wrong pkg_admin

State-Changed-From-To: open->feedback
State-Changed-By: ***@NetBSD.org
State-Changed-When: Wed, 01 May 2013 05:37:35 +0000
State-Changed-Why:
I committed a fix for this - pls let me know if everything's OK.

Alistair G. Crooks

2013-05-01 05:40:04 UTC

Permalink

The following reply was made to PR misc/47645; it has been noted by GNATS.

From: "Alistair G. Crooks" <***@netbsd.org>
To: gnats-***@gnats.NetBSD.org
Cc:
Subject: PR/47645 CVS commit: src
Date: Wed, 1 May 2013 05:36:26 +0000

Module Name: src
Committed By: agc
Date: Wed May 1 05:36:25 UTC 2013

Modified Files:
src/distrib/sets/lists/etc: mi
src/etc: daily security
src/etc/defaults: Makefile security.conf
Added Files:
src/etc: pkgpath.conf
src/etc/defaults: pkgpath.conf

Log Message:
Fix for problematic paths in /etc/daily and /etc/security reported in
PR/47645.

Add a separate file which contains the paths for the pkg_admin and
pkg_info utilities. This is called /etc/pkgpath.conf (to distinguish it
from pkg.conf).

Thanks also to Edgar Fuss for the sanity check.

To generate a diff of this commit:
cvs rdiff -u -r1.230 -r1.231 src/distrib/sets/lists/etc/mi
cvs rdiff -u -r1.88 -r1.89 src/etc/daily
cvs rdiff -u -r0 -r1.1 src/etc/pkgpath.conf
cvs rdiff -u -r1.111 -r1.112 src/etc/security
cvs rdiff -u -r1.5 -r1.6 src/etc/defaults/Makefile
cvs rdiff -u -r0 -r1.1 src/etc/defaults/pkgpath.conf
cvs rdiff -u -r1.24 -r1.25 src/etc/defaults/security.conf

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Alistair G. Crooks

2013-05-01 16:00:11 UTC

Permalink

d***@NetBSD.org

2013-12-23 23:38:06 UTC

Permalink

Synopsis: /etc/daily and /etc/security may use wrong pkg_admin

State-Changed-From-To: feedback->closed
State-Changed-By: ***@NetBSD.org
State-Changed-When: Mon, 23 Dec 2013 23:38:06 +0000
State-Changed-Why:
Feedback timeout.

Valery Ushakov

2014-10-20 22:50:01 UTC

Permalink

The following reply was made to PR misc/47645; it has been noted by GNATS.

From: Valery Ushakov <***@stderr.spb.ru>
To: gnats-***@NetBSD.org
Cc:
Subject: Re: PR/47645 CVS commit: src/etc
Date: Tue, 21 Oct 2014 01:26:08 +0400

Please, can these commits be pulled up to -6?

Sorry I missed the feedback window :). I had to upagrade via fresh
install (new hdd) and realized this is not in -6.

-uwe

d***@NetBSD.org

2014-10-21 14:01:53 UTC

Permalink

Synopsis: /etc/daily and /etc/security may use wrong pkg_admin

State-Changed-From-To: closed->open
State-Changed-By: ***@NetBSD.org
State-Changed-When: Tue, 21 Oct 2014 14:01:53 +0000
State-Changed-Why:
pullup-6 is desired.

David Holland

2014-10-21 14:05:00 UTC

Permalink

The following reply was made to PR misc/47645; it has been noted by GNATS.

From: David Holland <dholland-***@netbsd.org>
To: gnats-***@NetBSD.org
Cc:
Subject: Re: PR/47645 CVS commit: src/etc
Date: Tue, 21 Oct 2014 14:03:43 +0000

Post by Valery Ushakov
Please, can these commits be pulled up to -6?
Sorry I missed the feedback window :). I had to upagrade via fresh
install (new hdd) and realized this is not in -6.

I think this might be considered a bit invasive for -6 since it adds a
new widget in /etc. I remember the original commits not being entirely
popular because of this...

releng?

--
David A. Holland
***@netbsd.org

Martin Husemann

2014-10-21 14:11:03 UTC

Permalink

The older the release, the more likely this situation will happen, so a
pullup to -6 would make sense for me.

Martin

Martin Husemann

2014-10-21 14:15:00 UTC

Permalink

The following reply was made to PR misc/47645; it has been noted by GNATS.

From: Martin Husemann <***@duskware.de>
To: gnats-***@NetBSD.org
Cc: misc-bug-***@netbsd.org, gnats-***@netbsd.org,
netbsd-***@netbsd.org, ***@NetBSD.org
Subject: Re: PR/47645 CVS commit: src/etc
Date: Tue, 21 Oct 2014 16:11:03 +0200

The older the release, the more likely this situation will happen, so a
pullup to -6 would make sense for me.

Martin

Valery Ushakov

2014-10-21 14:45:01 UTC

Permalink

Post by David Holland
I think this might be considered a bit invasive for -6 since it adds a
new widget in /etc. I remember the original commits not being entirely
popular because of this...

The new file was added b/c both /etc/daily and /etc/security use pkg_*
tools. daily only uses them to fetch pkg-vulnerabilities and,
arguably, that belongs to security in the first place. Of course,
changing that in -6 now would be even more troublesome.

-uwe

David Holland

2014-10-21 15:05:00 UTC

Permalink

Post by Valery Ushakov

Post by David Holland
I think this might be considered a bit invasive for -6 since it adds a
new widget in /etc.

The new file was added b/c both /etc/daily and /etc/security use pkg_*
tools.

Yes, I realize that...

--
David A. Holland
***@netbsd.org