Skip to main content.

2002-Sep-30

Noticed on security report some directories had wrong permissions. Several were writable, like etc, etc/defaults, etc/mtree and more. (Looking back to the 425kB security report from the first morning after upgrade, I see it had this problem in it too.)

I fixed these, but I don't know how it happened in first place. I had untarred etc.tgz file, and I know my umask didn't cause that. (And I tried again for testing, and the permissions were correct.)

And I saw skel was writable too. So I fixed it. I send-pr'd a patch for this: misc/18476.

Looking around I saw world-writable directories like: /var/spool/texfonts/tfm, /var/spool/texfonts/source /var/spool/uucppublic, /var/spool/sockets and writable files under un-writable postfix directories.

build.sh should check for gnu sources instead of later failing if missing: 

nbmake: "/home/src/usr/src/tools/dbsym/../Makefile.host" line 26: Could not
find /home/src/usr/src/tools/dbsym/../../gnu/usr.sbin/dbsym/Makefile
nbmake: Fatal errors encountered -- cannot continue
(I fixed by unpacking gnusrc.tgz.) And it should check for usr.sbin/config too instead of: 
nbmake: "/home/src/usr/src/tools/config/../Makefile.host" line 26: Could not
find /home/src/usr/src/tools/config/../../usr.sbin/config/Makefile
nbmake: Fatal errors encountered -- cannot continue
(Fixed by untarring syssrc.tgz.)

I used: "time ./build.sh -U -D /home/src". The -U switch for unprivileged (no root needed). The 1.6 build was quick: 

real    81m54.513s
user    27m36.166s
sys     5m35.056s
When finished it complained about missing /etc files (but "build" target does not do etc, but "distribution" target does). For unprivileged, it created a METALOG file with mtree(8) specifications. For example, the make did: 
(cd /home/src/usr/src/gnu/usr.bin/texinfo/install-info && /home/src/usr/src/tools/obj/tools.NetBSD-1.6_RC1-i386/bin/nbmake infodir-meta)
echo "/home/src/usr/share/info/dir type=file mode=0644 uname=root gname=wheel" |
sed -e 's|^/|./|g' -e 's|//|/|g' |
/home/src/usr/src/tools/obj/tools.NetBSD-1.6_RC1-i386/bin/nbcat -l  >>/home/src/METALOG
Some example entries in the 12923-line METALOG were: 
./home/src type=dir mode=0755 uname=root gname=wheel
./home/src/sys type=link mode=0755 link=usr/src/sys uname=root gname=wheel
./home/src/usr/include/a.out.h type=file mode=0444 uname=root gname=wheel
...
./home/src/usr/lkm/coda.o type=file mode=0444 uname=root gname=wheel
./home/src/usr/share/man/whatis.db type=file mode=0444 uname=root gname=wheel
./home/src/usr/share/info/dir type=file mode=0644 uname=root gname=wheel
Then pax(1) can be used with -M option to override real permissions/times with those from specification file. This is done in distrib/sets/maketars. So no superuser privileges needed!