ports/mail/mailman/files/patch-bin_check__perms
Matthias Andree b337c05a03 mail/mailman: fix some permission issues, realign template policy
- tighten up permissions on install dirs even more, patching
  bin/check_perms to not complain - fewer directories or files belong
  in mailman's hand or need group write permissions.

- revert 2.1.30's "make templates samples" because the upstream has
  always instead provided a templates/site dir here and warned users that
  default templates will be overwritten on updates or reinstallation
  https://wiki.list.org/DOC/4.48%20How%20can%20I%20change%20the%20HTML%20or%20.txt%20templates%20used%20by%20my%20mailing%20lists%3F
  changed templates will be written to different directories, the site,
  domain-specific or list-specific directory

- adjust pkg-plist such that a no-script install, a regular install
  with post-install script run, and check_perms agree on permissions,
  however with tighter write permissions than the default install,
  as a security-in-depth safety precaution. [1]

- revise files/pkg-install.in accordingly

- boil down files/pkg-message.in texts a little bit

- bump PORTREVISION

PR:		245853
Reported by:	manu@ (IRC) [1]
2020-04-25 22:41:21 +00:00


This might be submitted upstream, had not upstream decided
that 2.1.30 is the final release.
The messages/ directory with its .mo/.po files, and the
top installation directory, do not require group write
permissions.
-- Matthias Andree (mandree@FreeBSD.org, 2020-04-14)
--- bin/check_perms.orig 2020-04-13 19:08:14.000000000 +0200
+++ bin/check_perms 2020-04-25 17:50:19.448831000 +0200
@@ -143,6 +143,14 @@ def checkwalk(arg, dirname, names):
elif (os.path.commonprefix((path, mm_cfg.QUEUE_DIR))
== mm_cfg.QUEUE_DIR):
targetperms = QFILEPERMS
+ elif (path == mm_cfg.PREFIX or os.path.split(path)[1] in
+ ('archives', 'bin', 'cgi-bin', 'cron', 'icons', 'mail', 'scripts',)
+ or '/messages' in path
+ or '/templates' in path
+ or '/tests' in path
+ or '/Mailman' in path):
+ # don't require LC_MESSAGES to be group writable
+ targetperms = DIRPERMS & ~S_IWGRP & ~S_ISGID
else:
targetperms = DIRPERMS
octperms = oct(targetperms)
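Review bot: the `'/messages' in path`, `'/templates' in path`, `'/tests' in path` and `'/Mailman' in path` tests in the new `elif` are unanchored substring matches, so the reduced target `DIRPERMS & ~S_IWGRP & ~S_ISGID` applies to any directory whose full path merely contains one of those strings (a directory whose name only begins with `tests`, or every directory if the install prefix itself contains `/Mailman`). The `os.path.split(path)[1] in (...)` test likewise matches a directory named `bin` or `mail` at any depth, not only directly under the prefix. Since this branch decides which directories get the target without group write and setgid, I would compute the path relative to `mm_cfg.PREFIX` and compare its first component against one list of names. The comment also mentions only LC_MESSAGES while the branch covers the prefix and all the other listed directories; it should describe the whole condition.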
@@ -192,7 +200,7 @@ def checkall():
if e.errno <> errno.ENOENT: raise
print C_('WARNING: directory does not exist: %(d)s')
continue
- if (mode & DIRPERMS) <> DIRPERMS:
+ if (mode & DIRPERMS) <> DIRPERMS and d <> mm_cfg.PREFIX:
STATE.ERRORS += 1
print C_('directory must be at least 02775: %(d)s'),
if STATE.FIX:
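Review bot: adding `and d <> mm_cfg.PREFIX` to the condition skips the mode test for the prefix directory altogether, so in checkall() any mode on `mm_cfg.PREFIX` now passes without counting an error. The first hunk gives the prefix a reduced target of `DIRPERMS & ~S_IWGRP & ~S_ISGID`; testing the prefix against that same mask here would keep a check in place while still not demanding group write, and would keep the two code paths consistent. The unchanged message 'directory must be at least 02775' would then need a separate wording for the prefix case.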