From yds@CoolRat.org Tue Jan 15 14:53:13 2002 Return-Path: Received: from CoolRat.org (bgp431251bgs.union01.nj.comcast.net [68.36.218.89]) by hub.freebsd.org (Postfix) with ESMTP id 2D13237B419; Tue, 15 Jan 2002 14:53:12 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) (uid 1001) by CoolRat.org with local; Tue, 15 Jan 2002 17:53:10 -0500 Message-Id: Date: Tue, 15 Jan 2002 17:53:10 -0500 From: Yarema Reply-To: Yarema To: FreeBSD-gnats-submit@freebsd.org Cc: dwhite@FreeBSD.org, lioux@FreeBSD.org, dinoex@FreeBSD.org Subject: Section 15.15 of the FreeBSD Porter's Handbook needs to be updated. X-Send-Pr-Version: 3.113 X-GNATS-Notify: >Number: 33929 >Category: docs >Synopsis: Section 15.15 of the FreeBSD Porter's Handbook needs to be updated. >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-doc >State: closed >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Tue Jan 15 15:00:02 PST 2002 >Closed-Date: Wed Jun 30 02:33:47 GMT 2004 >Last-Modified: Wed Jun 30 02:33:47 GMT 2004 >Originator: Yarema >Release: FreeBSD 4.5-RC i386 >Organization: CoolRat.org >Environment: System: FreeBSD volyn.coolrat.org 4.5-RC FreeBSD 4.5-RC #0: Thu Jan 10 04:09:32 EST 2002 root@volyn.coolrat.org:/usr/obj/usr/src/sys/TIGER100 i386 >Description: Now that PR31473 has been committed, Section 15.15 of the FreeBSD Porter's Handbook needs to be updated. I chose to add user 'courier' and group 'courier' as UID and GID 62. There's a problem with that section of the Handbook. Since the qmail users are not sorted by UID 'msql' and 'qmails' ended up with the same UID which is probaly a security hole for either one or both of those ports. The same thing could be said about 'ifmail' sharing the same UID with 'pgsql'. While putting 'ifmail' in group 'uucp' might be the Right Thing (TM) for that port. Using the same UID as PostgreSQL is probably a Bad Thing (TM). The patch below updates: doc/en_US.ISO8859-1/books/porters-handbook/book.sgml doc/ru_RU.KOI8-R/books/porters-handbook/book.sgml doc/ja_JP.eucJP/books/porters-handbook/book.sgml to bring them all in sync. Changes include adding user 'bind' UID 53 to the top of the list, adding user 'courier' and sorting the list by UID so that future UID duplication is easier to avoid. User 'bind' UID 53 already exists in /usr/src/etc/master.passwd and this section documents UIDs 50 through 999. So user 'bind' clearly needs to be documented here. Of interest to the mail/sendmail port is that I removed: smmsp:*:90:90:Sendmail Queue:/nonexistent:/nonexistent since user 'smmsp' already exists as UID 25 in /usr/src/etc/master.passwd -- patching the mail/sendmail port to use UID 25 instad of 90 makes more sense (to me at least). The patch is gzipped and uuencoded since it contains both ru_RU.KOI8-R and ja_JP.eucJP encodings which are not 7bit. >How-To-Repeat: >Fix: begin 644 PortersHandbook.diff.gz M'XL("".H1#P"`U!O_XCRA MC<3QC\3Y84U3896F#D:[955YFQS[-O%P?#,[7MK_YY8'0&+BA\8&9>Q':).V M<=4FW8:T(1`/4,0/#2%>N<=.FZ1CI>VVATEI3^/Z^GZ/SSWV.9_;"H(`)C5$ MXER:+B0G"I.YG)H79+%(Z7N>6*5NC;B>4-8=$T?"X:17JMA)ZEJE8P6]!F=U M!V0%I)0FRYJ2`T62E%@\'C^2VV,7?1)Y5$'.:&I:4U.1Q[$Q$%)J6DWD(1X> M91G&QF+0_Z*U,G$!?7M)@(MERP-N?!`,WW6)4P/;\FI`9V%Z8MR#(JG5"7%` ME8"',>@HG\\G3XI5W=5/Q2`F[`R?K+JTY.H5]&(YI5,5_3)U35K17@_C3&OG M>@,4ICSBFQ2F/>)JHN^YHDT-W19W%%03'>J0.>Z(AQ6+/^L.1>W["BB5=U5_2JE-KBSO3AS(#O&U5TD4&;GCX] M!=4P(8(?)J2OQXE5OVA;1B]$JTCFB!&.XX=ET!C,\56BMRS:NX(L\=61"G4& M5Q7.&M`XM(ZH!-9N0,U@$ M:C[!RP2+P'(-?%&R"MK$A=,FE.>+KF7N]XSJ]3J7Y"2T&>K:)LQ8)H$94HPB MVB\0T&U+QP>&*L@>4Q(^Z%GP)+BJS*.*\@8*&RGQ/F$,[-\^5,-XKGQU).&7/*W>5%T@8!I?FT<*& MB`T-7ALLO-UYPP_8JU0\S'Q>0BL0QPQ[V7F?^&2_,C'=.BER75K)A#_C;A)+ M)&H_AN[L7RD<(\,MG0,%^NT>$3-E$VR+EF/8/J\_'1Q:P[90+W,XS5,?/+]8 ML6K\`J(-CE.7\PK\*O=JDA,QH0=PU[]T83KYUN1$3KAP4'K[3L3:5$AO19.D M87H?RN<0NK.:I&AJ?@#=V70J1#<>A]`=9>'/C>!^8^-!IY&`QYT`[C^$=@.: MF^O!ZH/ONHU.`YF=@.[6P.#:PQ9L-C<[C;6@%8-CS=4FW-OH+C77FK`>;'1N MKS7Y-N"?H`.=QDKW49-/7F]N!BOH"=8:6_>ZB/[F?]/^9;-^1/H1Z?^7]%E5 MC4B?1>2/2#\B_8CTKR+I>X0+MFZO=EN;G=L)6-]`1FT^7%UI0#NX'RP%GDL0WSDX=@O+CQ`!00.%,EC5)1BS+ MNY0_C,N]D$]I:74`\GD.=P4[%OZ2DH;^0.?894^^7&9_L!9C[&?V/EM97&Q] M=/>W:UUVG7W+/F;?L,\92_857RS>_)ZUD=+L0_8+!S6PQVR)M3_;XJ-(<19< M:WWR%6NS9?8!V^:7;HQ(/B+YBR2YV%[84;"\OLRIM6>Q@````` ` end >Release-Note: >Audit-Trail: From: Giorgos Keramidas To: Yarema Cc: FreeBSD-gnats-submit@freebsd.org, dwhite@freebsd.org, lioux@freebsd.org, dinoex@freebsd.org Subject: Re: ports/33929: Section 15.15 of the FreeBSD Porter's Handbook needs to be updated. Date: Thu, 24 Jan 2002 02:49:28 +0200 Adding to audit trail: Date: Wed, 16 Jan 2002 06:06:06 -0500 From: Yarema Subject: Re: Section 15.15 of the FreeBSD Porter's Handbook needs to be updated. --On Wednesday, January 16, 2002 08:52:57 +0100 Dirk Meyer wrote: >> to bring them all in sync. Changes include adding user 'bind' UID 53 to >> the top of the list, adding user 'courier' and sorting the list by UID so >> that future UID duplication is easier to avoid. User 'bind' UID 53 >> already exists in /usr/src/etc/master.passwd and this section documents >> UIDs 50 through 999. So user 'bind' clearly needs to be documented here. >> >> Of interest to the mail/sendmail port is that I removed: >> >> smmsp:*:90:90:Sendmail Queue:/nonexistent:/nonexistent >> >> since user 'smmsp' already exists as UID 25 in >> /usr/src/etc/master.passwd -- patching the mail/sendmail port to use UID >> 25 instad of 90 makes more sense (to me at least). > > 1) The sendmail port uses an already existiting UID/GID and does not > remove it. I noticed that. > 2) It may violate POLA to make the sendmail port create this > UID/GID on older FreeBSD-Systems with 25 instead of 90. Perhaps I over did it with having the patch remove smmsp:*:90:90:Sendmail Queue:/nonexistent:/nonexistent I think the rest of the patch makes good sense and fixes a number of inconsistencies in the documentation. Perhaps if the right people are proded it might get applied. :) Dirk, what about ifmail using UID 70, the same as pgsql? Wouldn't it make more sense for news/ifmail to use 65 which seems to be available? -- Yarema From: Giorgos Keramidas To: Yarema Cc: FreeBSD-gnats-submit@freebsd.org, dwhite@freebsd.org, lioux@freebsd.org, dinoex@freebsd.org Subject: Re: ports/33929: Section 15.15 of the FreeBSD Porter's Handbook needs to be updated. Date: Thu, 24 Jan 2002 02:47:55 +0200 Adding to audit-trail: Date: Wed, 16 Jan 2002 08:52:57 +0100 From: dirk.meyer@dinoex.sub.org (Dirk Meyer) Subject: Re: Section 15.15 of the FreeBSD Porter's Handbook needs to be updated. > to bring them all in sync. Changes include adding user 'bind' UID 53 to > the top of the list, adding user 'courier' and sorting the list by UID so > that future UID duplication is easier to avoid. User 'bind' UID 53 already > exists in /usr/src/etc/master.passwd and this section documents UIDs 50 > through 999. So user 'bind' clearly needs to be documented here. > > Of interest to the mail/sendmail port is that I removed: > > smmsp:*:90:90:Sendmail Queue:/nonexistent:/nonexistent > > since user 'smmsp' already exists as UID 25 in /usr/src/etc/master.passwd -- > patching the mail/sendmail port to use UID 25 instad of 90 makes more sense > (to me at least). 1) The sendmail port uses an already existiting UID/GID and does not remove it. 2) It may violate POLA to make the sendmail port create this UID/GID on older FreeBSD-Systems with 25 instead of 90. kind regards Dirk From: Giorgos Keramidas To: Yarema Cc: FreeBSD-gnats-submit@freebsd.org, dwhite@freebsd.org, lioux@freebsd.org, dinoex@freebsd.org Subject: Re: ports/33929: Section 15.15 of the FreeBSD Porter's Handbook needs to be updated. Date: Thu, 24 Jan 2002 02:51:21 +0200 Adding to audit-trail: Date: Thu, 17 Jan 2002 11:38:31 +0100 From: dirk.meyer@dinoex.sub.org (Dirk Meyer) Subject: Re: Section 15.15 of the FreeBSD Porter's Handbook needs to be updated. > Dirk, what about ifmail using UID 70, the same as pgsql? Wouldn't > it make more sense for news/ifmail to use 65 which seems to be > available? I can changes this 70 was assigned way back in the years: http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/news/ifmail/Attic/pkg-install While the postgresql7 change was just some 10 Month ago: http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/databases/postgresql7/pkg-install?rev=1.3&content-type=text/x-cvsweb-markup If the new one keeps free, I will take the anger of the users, (less then postgresql7) kind regards Dirk - Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany Responsible-Changed-From-To: freebsd-ports->freebsd-doc Responsible-Changed-By: petef Responsible-Changed-When: Tue Feb 5 00:36:18 PST 2002 Responsible-Changed-Why: A -doc guy should take care of this. http://www.FreeBSD.org/cgi/query-pr.cgi?pr=33929 State-Changed-From-To: open->closed State-Changed-By: linimon State-Changed-When: Wed Jun 30 02:33:07 GMT 2004 State-Changed-Why: Except for the courier change (which is no longer correct), all of these changes have been made long ago. This PR seems to have been just forgotten. http://www.freebsd.org/cgi/query-pr.cgi?pr=33929 >Unformatted: