* On Sat Mar 19, 2016 at 12:09:06PM +1100 218 , Jaime Tarrant (j...@cookiesystems.com) wrote: > Date: Sat, 19 Mar 2016 12:09:06 +1100 > From: Jaime Tarrant <j...@cookiesystems.com> > To: ports@openbsd.org > Subject: Re: pkg_add (_pfetch) - Permission denied for /root/.netrc > User-Agent: Mutt/1.5.24 (2015-08-30) > > * On Mon Feb 22, 2016 at 03:09:31PM -0700 33934 , Theo de Raadt > (dera...@cvs.openbsd.org) wrote: > > Date: Mon, 22 Feb 2016 15:09:31 -0700 > > From: Theo de Raadt <dera...@cvs.openbsd.org> > > To: Marc Espie <es...@nerim.net> > > cc: Jiri B <ji...@devio.us>, ports@openbsd.org, z...@openbsd.org, > > st...@openbsd.org, Theo de Raadt <dera...@openbsd.org> > > Subject: Re: pkg_add (_pfetch) - Permission denied for /root/.netrc > > > > > RCS file: > > > /build/data/openbsd/cvs/src/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm,v > > > retrieving revision 1.117 > > > diff -u -p -r1.117 PackageRepository.pm > > > --- OpenBSD/PackageRepository.pm 9 Feb 2016 10:02:27 -0000 1.117 > > > +++ OpenBSD/PackageRepository.pm 22 Feb 2016 21:59:35 -0000 
> > > @@ -586,8 +586,14 @@ sub drop_privileges_and_setup_env > > > $< = $uid; > > > $> = $uid; > > > } > > > - $ENV{LC_ALL} = 'C'; > > > # don't error out yet if we can't change. > > > + > > > + # proper error messages > > > + $ENV{LC_ALL} = 'C'; > > > + # sanitize env for ftp > > > + delete $ENV{HOME}; > > > + delete $ENV{PAGER}; > > > + delete $ENV{TMPDIR}; > > > } > > > > I am not sure whether this approach is sufficient. > > > > The situation here is that a process is being started (fork + exec) on > > the other side of a priv boundary. > > > > The general mode of handling environment should be: > > > > 1. sanitize it > > 2. consider thinking about this as a white-list, rather than a blacklist > > 3. that process will happily parse all env variables, since there is no > > issetugid in effect > > > > I'd like to propose > > > > 0. start with an empty environment > > 1. pass LOGNAME and USER unmolested > > 2. force PATH to the canonical default > > 3. pass SHELL unmolested, or force it to /bin/ksh > > 4. set HOME to /var/empty (no $HOME is a rare situation for programs to > > handle) > > > > You are not just satisfying the ftp binary, but also the libc it is > > using. Maybe you want to also pass some LANG type things, not sure. > > > > I noticed that line 583 of file: > > /usr/libdata/perl5/OpenBSD/PackageRepository.pm > > references the user _pkgfetch, however there is no such user on my > system (-current, updated earlier today). Should this be the _pfetch > user instead? > > I tested changing it to _pfetch and this resolves the error - I don't > know enough to be confident that this is the right way to resolve this > though.
Sorry, I replied to the wrong thing. Please disregard.
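Review bot: the three `delete $ENV{...}` lines added at the end of drop_privileges_and_setup_env remove variables by name, so every other variable inherited from the caller still reaches the ftp child after `$<` and `$>` have been switched to `$uid`. Consider assigning a fresh `%ENV` that holds only the variables the child needs (LC_ALL among them) instead of deleting HOME, PAGER and TMPDIR one at a time. Leaving HOME unset also deserves a comment or a fixed value, since the "sanitize env for ftp" comment does not say what the child should fall back to.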
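The allow-list proposal quoted above, written out in Perl as an added example; it is not code from the thread or from pkg_add. The function names, the PATH value and the sample parent variables are assumptions made for illustration, and LC_ALL is kept because the patch sets it.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed stand-in for the "canonical default" PATH; use the system's own value.
my $DEFAULT_PATH = '/usr/bin:/bin:/usr/sbin:/sbin';

# Build the child's environment from nothing: fixed values first, then the
# two variables that are passed through unchanged when the parent has them.
sub clean_env {
    my ($parent) = @_;
    my %env = (
        PATH   => $DEFAULT_PATH,
        SHELL  => '/bin/ksh',
        HOME   => '/var/empty',
        LC_ALL => 'C',
    );
    for my $name (qw(LOGNAME USER)) {
        $env{$name} = $parent->{$name} if defined $parent->{$name};
    }
    return %env;
}

# Hypothetical helper: fork, replace %ENV wholesale in the child, exec the
# command, and return the lines it printed.
sub run_with_clean_env {
    my (@cmd) = @_;
    my $pid = open(my $out, '-|');
    die "fork: $!" unless defined $pid;
    if ($pid == 0) {
        # The right-hand side is fully built before %ENV is overwritten.
        %ENV = clean_env(\%ENV);
        exec { $cmd[0] } @cmd or die "exec $cmd[0]: $!";
    }
    my @lines = <$out>;
    close($out);
    return @lines;
}

# Constructed parent environment: values a fetch helper should never inherit.
@ENV{qw(HOME PAGER TMPDIR EXAMPLE_SECRET)} =
    ('/root', 'less', '/root/tmp', 'constructed-value');

# The child sees only PATH, SHELL, HOME, LC_ALL and, if set, LOGNAME and USER.
print sort(run_with_clean_env('/usr/bin/env'));
```

Because the child's environment is assigned rather than edited, a variable nobody thought to list (EXAMPLE_SECRET here) is dropped without needing its own `delete` line.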