From nobody Sun Nov 26 18:26:33 2023
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SdccZ3gydz52cDv;
	Sun, 26 Nov 2023 18:26:38 +0000 (UTC)
	(envelope-from gbe@freebsd.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4SdccZ174bz4P8g;
	Sun, 26 Nov 2023 18:26:38 +0000 (UTC)
	(envelope-from gbe@freebsd.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1701023198;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=1KNyVvzfPN/NJGb3xhiGe09zIp/5CzLS0MkijEcWLU0=;
	b=mJozW3cPCkYXyQ/Muf3nzauKsh8XFoUmPhw9e7DzN3lCgcQcDJXad1/PzhBRUAFvWfUw7t
	JM08w3wISzMbE4cpP047BIIuFmtzj/LpGx9VWV7+Sf834mrwN5hodHTkUSQleaDi9yfnwM
	oulcKHs/r0uQMkKAHk6ShY7JmZqlBImUWp+S2ItbdpcIPSpBrDZGxEko0JO4it54t6laIu
	ygvFf48iRmVY8tIPcVxXrTih9jJGgVXKoUP/vIcBZSMsEX30AVOduvdocglE2klRgSZyQC
	WyxxrkER3Z6CevI7jhWAf5ND2khhGg3NHYWvDwSsc8FHuxFTLsHFxsSrWTFrjQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1701023198;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=1KNyVvzfPN/NJGb3xhiGe09zIp/5CzLS0MkijEcWLU0=;
	b=ePWkRb7WVuL6IeZbuoEJVaS2SkWhCLqJM6B4TbaomfteHEfgc2XOTPAhmaVFQdzJrnOw7u
	CnlAm4pzlZo6ZJ0X1xt+cRXiKNF/OCDr9AUOCSC0yCFD70hZFgg2xTWOfZZY9Ow5l67VZh
	GLT/uqtFNtmsgnOzZjC1IkAHkzEBqpvGaeDbJucCOIqt15jlIW/sWYVCLetQrAyiQ9C7KD
	1q9hmLtfjaDJZCHeNUSRJeq7bhUjfjZxuC7D8rGQhJs100wbjCgAm1wv/RgPWHpYibzI9m
	vEYzk9pkG1pmj7hzeE7bHxAwWrQF1eAhNmj+sDN7Qjim719Fu/xXId7JFdU0GQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1701023198; a=rsa-sha256; cv=none;
	b=Ahb8jc5BvoWQvhJTaIeEmcP13URfjvX/cVp+upNbvLEq0XTu6WJUG6IWQiFov9URIClNci
	naieAlUNrlSCuCZOLs8Zpl0G5qrXqG1iNR2PbkYBFg1IqBv0RdGDKL/t8aba7qC+Nmdd/U
	xcd9yL1Yk7f945GPZlzmQUgykxV7CILYhNVhoNxF2aSieXtdzgNN32CE4aaqVaQnwWw68s
	o/9eQNbOtWmtN2IzYRH14+IXVXfQw2gt7JaajqTh7S66be3+tBpMHcHQFiqxdmDEuEWG/N
	nntDl9LmuOdTzfcIjwlnO7G/WMj0kET2qk7wDBC/AvuDzy/19alpo+wOVR5c6Q==
Received: from localhost (p200300cb87078219405f699cd58532eb.dip0.t-ipconnect.de [IPv6:2003:cb:8707:8219:405f:699c:d585:32eb])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	(Authenticated sender: gbe)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4SdccY4Pn8z28C;
	Sun, 26 Nov 2023 18:26:37 +0000 (UTC)
	(envelope-from gbe@freebsd.org)
Date: Sun, 26 Nov 2023 19:26:33 +0100
From: Gordon Bergling <gbe@freebsd.org>
To: Mateusz Guzik <mjguzik@gmail.com>
Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org,
	dev-commits-src-main@freebsd.org
Subject: Re: git: a6ed8c959303 - main - Fix /root permissions after 'make
 installworld'
Message-ID: <ZWON2WUWTKMeasfX@bastion.ttyv0.de>
References: <202311161000.3AGA0Cxc058517@gitrepo.freebsd.org>
 <CAGudoHF-7MUGi5OXqC+2WQm+E0NUeywCu=SR6tJMEtu-CqDO_A@mail.gmail.com>
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="PVoNsnnJuMct7nza"
Content-Disposition: inline
In-Reply-To: <CAGudoHF-7MUGi5OXqC+2WQm+E0NUeywCu=SR6tJMEtu-CqDO_A@mail.gmail.com>
X-Url: <https://www.ttyv0.de/>
X-Operating-System: FreeBSD 14.0-RELEASE amd64
X-Host-Uptime: 7:22PM  up  7:55, 3 users, load averages: 0.12, 0.19, 0.18


--PVoNsnnJuMct7nza
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi Mateusz,

On Thu, Nov 16, 2023 at 02:21:53PM +0100, Mateusz Guzik wrote:
> On 11/16/23, Gordon Bergling <gbe@freebsd.org> wrote:
> > The branch main has been updated by gbe:
> >
> > URL:
> > https://cgit.FreeBSD.org/src/commit/?id=3Da6ed8c9593031abf6fa73661be55c=
226caa362d6
> >
> > commit a6ed8c9593031abf6fa73661be55c226caa362d6
> > Author:     Thomas Eberhardt <sneakywumpus@gmail.com>
> > AuthorDate: 2023-11-16 09:59:38 +0000
> > Commit:     Gordon Bergling <gbe@FreeBSD.org>
> > CommitDate: 2023-11-16 09:59:38 +0000
> >
> >     Fix /root permissions after 'make installworld'
> >
> >     According to /etc/mtree/BSD.root.dist /root should have
> >     0750 permissions, but the build target 'make installworld'
> >     changes these to 0755.
> >
> >     This is caused by the installation of the configuration
> >     files of sh(1) and csh(1).
> >
> >     Correct this by specifying the correct default /root permissions.
> >
> >     PR:     273342
> >     Reviewed by:    jilles
> >     Approved by:    jilles
> >     MFC after:      2 weeks
> >     Differential Revision:https://reviews.freebsd.org/D42395
> > ---
> >  bin/csh/Makefile | 1 +
> >  bin/sh/Makefile  | 1 +
> >  2 files changed, 2 insertions(+)
> >
> > diff --git a/bin/csh/Makefile b/bin/csh/Makefile
> > index 1f996df3999b..94e1ba763d6e 100644
> > --- a/bin/csh/Makefile
> > +++ b/bin/csh/Makefile
> > @@ -15,6 +15,7 @@ ROOTPACKAGE=3D	csh
> >  ETC=3D	csh.cshrc csh.login csh.logout
> >  ROOT=3D	dot.cshrc dot.login
> >  ROOTDIR=3D	/root
> > +ROOTDIR_MODE=3D	0750
>=20
> This is at best a total workaround, the real bug is that root dir gets
> modified to begin with and there will be other cases prone to cause
> the same problem.
>=20
> More importantly, is not this a regression from security pov?

I am unsure if this is a regression, but it fixed the problem about overrid=
en
permissions from 'make installworld'. I keep an eye on the PR and when I ha=
ve
time I'll try to come up with a better solution, but I am far from beeing an
expert in the build framework.

--Gordon

--PVoNsnnJuMct7nza
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEYbWI0KY5X7yH/Fy4OQX2V8rP09wFAmVjjdEACgkQOQX2V8rP
09zA0QgAvNy1Bv7xCO5ozp+/2laO3zVhXoixnjjh8puaMs8DUrA3BzR4Z/lWLJ58
HL9S8EEXHwmcPdWYpRY8hdjJdYpIu5j9YsENGqesMvqngRiAnfNC+lngOYWZXp9Y
3OssaD5CIRNwK+y8L2YCGAqZOtciCJqXMOCkFtiKJLlX9lnkDbVmEms6r30uNzZd
DacckGh6UZiX/OSlsrzw6FGyqOZ7hRTj7/rlUo8We++xNgZTCPTVRLi0X2bfqdrL
kPZ2cmUXXTFmsBrePoHYfrv2nKXDkD2mIk281akS08x7Sco6PhSi9BLyYizkhSjw
MB9eCmxyfIrRkcZeCm3nqlRS4BnMCw==
=N7pr
-----END PGP SIGNATURE-----

--PVoNsnnJuMct7nza--