portupgrade regression?
Simon L. Nielsen
simon at FreeBSD.org
Fri Apr 22 07:06:27 PDT 2005
On 2005.04.22 01:44:25 -0500, Jon Noack wrote:
> Ever since the security fix for CAN-2005-0610, portupgrade and company
> have been behaving oddly for me. The root cause of this seems to be
> that the pkgdb is being updated needlessly with every operation:
After the patch pkgdb.fixme is created in /var/db/pkg, which causes
the portupgrade package database update check to always fail.
> One side effect is that it is no longer possible to run portversion as a
> normal user:
>
> [noackjr:~] $ portversion -v | grep -v "="
> The pkgdb must be updated. Please run 'pkgdb -u' as root.
> [noackjr:~] $
I hadn't heard about that problem before :-/.
> I don't quite understand the CAN-2005-0610 patch. Why are we ignoring
> @tmp_dir?
By default @tmp_dir points to a world-writeable directory, which makes it
vulnerable to standard symlink attacks. It's correct that this is not
a problem if you set TMPDIR or PKG_TMPDIR to a non world-writeable
directory, but most people don't do that (since they don't really have
a reason to).
> I have no problem with @tmp_dir defaulting to a secure
> location, but why can't I configure it so that my normal user account
> can use portversion? Heck, I don't even really know what the
> pkgdb.fixme file is used for, just that changing its path breaks
> portversion. I have set PKG_TMPDIR to a location where my normal user
> account has write access (as mentioned in the VuXML entry:
> http://www.vuxml.org/freebsd/22f00553-a09d-11d9-a788-0001020eed82.html),
> but with @tmp_dir being ignored it has no effect.
Correct, since that was only a workaround for older portupgrade
releases, portupgrade 20041226_2 with patch-CAN-2005-0610 does not
need this.
pkgdb.fixme is used by portupgrade to signal that the package database
should be rebuilt. Since it's used (from what I can gather) between
different portupgrade processes it has to be a well known filename, so
just creating it under the secure temporary directory (the one
patch-CAN-2005-0610 creates) won't work since it then has a "random"
filename.
> Am I trying to do something that I shouldn't? What is the correct
> behavior here?
It is definitely a bug that the package database is rebuilt every
time, and portversion fails due to that problem. The solution is
probably to create pkgdb.fixme in another directory, but I haven't yet
found a secure and reliable fix. I am looking into it (and if anybody
has good ideas, or patches, please contact me).
--
Simon L. Nielsen
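
The constraint discussed in this message, as an added Ruby illustration that is not part of the original e-mail and is not portupgrade's code: a well-known flag name such as pkgdb.fixme is only safe in a directory other users cannot write to, and it should be created without following a planted symlink. The helper names (`safe_flag_dir?`, `raise_flag`, `demo`) are hypothetical and the directories are constructed in a throwaway sandbox; this sketches the check, not a fix for the regression.

```ruby
require 'tmpdir'

FLAG_NAME = 'pkgdb.fixme' # well-known name, as described in the message

# Hypothetical check: accept a directory for the flag only if no other
# user can create or replace entries in it.
def safe_flag_dir?(dir, uid = Process.euid)
  st = File.lstat(dir)                       # lstat: a symlink posing as the dir fails
  return false unless st.directory?
  return false unless st.uid == uid || st.uid.zero?
  (st.mode & 0o022).zero?                    # neither group- nor world-writable
rescue SystemCallError
  false
end

# Hypothetical helper: raise the flag without following a symlink.
def raise_flag(dir)
  return :unsafe_dir unless safe_flag_dir?(dir)
  path = File.join(dir, FLAG_NAME)
  flags = File::WRONLY | File::CREAT | File::EXCL | File::NOFOLLOW
  File.open(path, flags, 0o644) { |f| f.write("#{Process.pid}\n") }
  :created
rescue Errno::EEXIST
  # O_EXCL refuses any existing entry, including a dangling symlink.
  File.lstat(path).file? ? :already_set : :suspicious
rescue Errno::ELOOP
  :suspicious
end

# Constructed sandbox: a private dir, a world-writable dir, and a private
# dir where the flag name already exists as a symlink to another file.
def demo
  Dir.mktmpdir do |root|
    priv = File.join(root, 'private')
    Dir.mkdir(priv, 0o700)
    shared = File.join(root, 'shared')
    Dir.mkdir(shared)
    File.chmod(0o1777, shared)               # same mode as a typical /var/tmp
    trap_dir = File.join(root, 'trap')
    Dir.mkdir(trap_dir, 0o700)
    victim = File.join(root, 'victim')
    File.write(victim, 'keep')
    File.symlink(victim, File.join(trap_dir, FLAG_NAME))
    [raise_flag(priv), raise_flag(priv), raise_flag(shared),
     raise_flag(trap_dir), File.read(victim)]
  end
end

p demo if $PROGRAM_NAME == __FILE__
```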