DaemonForums  

#1 acampbell (Real Name: Anthony Campbell), 3 Weeks Ago
Security problem with permission

The cups package creates an /etc/printcap link with permission 0755. The daily run of the security script says that this should be 0644. I can reset this, of course, but it reverts to the default on the next upgrade of cups.

Alternatively, I can edit /etc/mtree/special to accept 0755 but this is lost when I upgrade the base system.

The security man page says:
security also provides hooks for administrators to create their own lists. These lists should be kept in /etc/mtree/ and filenames must have the suffix “.secure”.
And it gives examples of entries. So I made a file called "/etc/mtree/printcap.secure" with the line: "chmod 0644 /etc/printcap" but this doesn't help. Perhaps I misunderstood the example.

So far the only work-around I've found is to make an entry in root's crontab to change the permission every night. This works but doesn't seem very elegant.

Can anyone suggest what I'm doing wrong?

#2 Maxnix, 3 Weeks Ago

Just a wild guess: are you sure that the script doesn't "think" that the file itself has such permissions? As far as I recall, symlinks are always created with the exec bit set.
#3 acampbell (Real Name: Anthony Campbell), 3 Weeks Ago

Well, the message I get is this:

permissions (0644, 0755)
mtree special: exit code 2

In OBSD (unlike Linux) you can change the permissions of symbolic links with chmod -h. If I change it to 0644 the error goes away.
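
Added example, not part of any post in this thread: a Python sketch of how a mode check can flag a symlink even though the file it points to is fine. It assumes the check inspects the link itself (lstat), as the "(0644, 0755)" message above suggests; the file names are constructed stand-ins for /etc/printcap, and changing a link's own mode only works on systems that support it.

```python
import os
import stat
import tempfile

def audit_entry(path, expected_mode):
    """Compare a path's own mode and, for a symlink, its target's mode with expected_mode."""
    own = os.lstat(path)  # lstat does not follow symlinks
    result = {
        "is_symlink": stat.S_ISLNK(own.st_mode),
        "own_mode": stat.S_IMODE(own.st_mode),
        "target_mode": None,
    }
    if result["is_symlink"] and os.path.exists(path):  # exists() follows the link
        result["target_mode"] = stat.S_IMODE(os.stat(path).st_mode)
    result["own_ok"] = result["own_mode"] == expected_mode
    result["target_ok"] = result["target_mode"] == expected_mode
    return result

def build_sample(directory):
    """Constructed stand-in for /etc/printcap: a 0644 file plus a symlink to it."""
    target = os.path.join(directory, "printcap.real")
    link = os.path.join(directory, "printcap")
    with open(target, "w") as fh:
        fh.write("# constructed sample\n")
    os.chmod(target, 0o644)
    os.symlink(target, link)
    return link

def fix_link_mode(link, mode):
    """Counterpart of `chmod -h`: change the link itself where the OS allows it."""
    try:
        os.chmod(link, mode, follow_symlinks=False)
        return True
    except (NotImplementedError, OSError):
        return False  # e.g. Linux, where a symlink's own mode cannot be changed

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        link = build_sample(d)
        before = audit_entry(link, 0o644)
        print("link mode %04o, target mode %04o" % (before["own_mode"], before["target_mode"]))
        print("link ok:", before["own_ok"], "target ok:", before["target_ok"])
        if fix_link_mode(link, 0o644):
            print("after fix, link ok:", audit_entry(link, 0o644)["own_ok"])
        else:
            print("this OS cannot change a symlink's own mode")
```
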
#4 acampbell (Real Name: Anthony Campbell), 3 Weeks Ago

I've now found a discussion of this problem on marc.info openbsd-bugs. It was supposed to have been fixed in -current in 2016 but it doesn't seem to have been. I'll submit a report.
#5 ibara, 2 Weeks Ago

Make sure to report back with the result!
#6 acampbell (Real Name: Anthony Campbell), 2 Weeks Ago
Fixed in latest -current

I emailed the CUPS maintainer, Antoine Jacoutot, who is always helpful. He has uploaded a new version of the package to -current and that has created /etc/printcap with the correct permission after a reboot.