mirror of https://github.com/NetBSD/src.git
Fix for problematic paths in /etc/daily and /etc/security reported in
PR/47645. Add a separate file which contains the paths for the pkg_admin and pkg_info utilities. This is called /etc/pkgpath.conf (to distinguish it from pkg.conf). Thanks also to Edgar Fuss for the sanity check.
khorben-n900
parent
8f0edf9e8a
commit
1410cf30c2
|
@ -1,4 +1,4 @@
|
|||
# $NetBSD: mi,v 1.230 2013/04/25 17:10:50 christos Exp $
|
||||
# $NetBSD: mi,v 1.231 2013/05/01 05:36:25 agc Exp $
|
||||
#
|
||||
# Note: end-user configuration files that are moved to another location
|
||||
# should not be marked "obsolete"; they should just be removed from
|
||||
|
@ -40,6 +40,7 @@
|
|||
./etc/defaults/daily.conf etc-sys-defaults
|
||||
./etc/defaults/monthly.conf etc-sys-defaults
|
||||
./etc/defaults/pf.boot.conf etc-pf-defaults pf
|
||||
./etc/defaults/pkgpath.conf etc-sys-defaults
|
||||
./etc/defaults/rc.conf etc-sys-defaults
|
||||
./etc/defaults/security.conf etc-sys-defaults
|
||||
./etc/defaults/weekly.conf etc-sys-defaults
|
||||
|
@ -133,6 +134,7 @@
|
|||
./etc/pf.conf etc-pf-etc pf
|
||||
./etc/pf.os etc-pf-etc pf
|
||||
./etc/phones etc-sys-etc
|
||||
./etc/pkgpath.conf etc-sys-etc
|
||||
./etc/postfix/README etc-postfix-etc postfix
|
||||
./etc/postfix/main.cf etc-postfix-etc postfix
|
||||
./etc/postfix/master.cf etc-postfix-etc postfix
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/sh -
|
||||
#
|
||||
# $NetBSD: daily,v 1.88 2013/03/08 14:32:12 christos Exp $
|
||||
# $NetBSD: daily,v 1.89 2013/05/01 05:36:25 agc Exp $
|
||||
# @(#)daily 8.2 (Berkeley) 1/25/94
|
||||
#
|
||||
|
||||
|
@ -10,6 +10,9 @@ umask 077
|
|||
if [ -s /etc/daily.conf ]; then
|
||||
. /etc/daily.conf
|
||||
fi
|
||||
if [ -s /etc/pkgpath.conf ]; then
|
||||
. /etc/pkgpath.conf
|
||||
fi
|
||||
|
||||
host="$(hostname)"
|
||||
date="$(date)"
|
||||
|
@ -257,7 +260,7 @@ if checkyesno run_rdist && [ -f /etc/Distfile ]; then
|
|||
fi
|
||||
fi
|
||||
|
||||
if pkg_info ${_compat_K_flag} -q -E '*'; then
|
||||
if ${pkg_info} ${_compat_K_flag} -q -E '*'; then
|
||||
if [ -z "$fetch_pkg_vulnerabilities" ]; then
|
||||
echo "fetch_pkg_vulnerabilities is not set in daily.conf(5)."
|
||||
echo "You should set it to YES to enable vulnerability checks"
|
||||
|
@ -265,7 +268,7 @@ if pkg_info ${_compat_K_flag} -q -E '*'; then
|
|||
elif checkyesno fetch_pkg_vulnerabilities; then
|
||||
echo ""
|
||||
echo "Fetching package vulnerabilities database:"
|
||||
( umask 022 && pkg_admin ${_compat_K_flag} \
|
||||
( umask 022 && ${pkg_admin} ${_compat_K_flag} \
|
||||
fetch-pkg-vulnerabilities -u )
|
||||
fi
|
||||
fi
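Review bot: If /etc/pkgpath.conf is missing or empty, the `-s` test added after the daily.conf block skips the source, and `${pkg_info}` and `${pkg_admin}` then expand to nothing, so the next word on each command line is looked up as the command through PATH instead. In this script the `if ${pkg_info} ${_compat_K_flag} -q -E '*'` test would then fail and the vulnerability-database fetch would be skipped without any clear message; this is most likely on an upgraded system where the new file has not yet been merged into /etc. Adding fallbacks right after the source block, `: ${pkg_admin:=/usr/sbin/pkg_admin}` and `: ${pkg_info:=/usr/sbin/pkg_info}`, keeps the absolute paths in force either way. The same applies to the `${pkg_admin}` calls in etc/security (the `config-var PKG_DBDIR`, `audit` and `check` hunks), where an empty expansion would leave `audit` or `check` as the command name in a script that presumably runs as root.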
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
# $NetBSD: Makefile,v 1.5 2011/08/22 20:48:38 jym Exp $
|
||||
# $NetBSD: Makefile,v 1.6 2013/05/01 05:36:25 agc Exp $
|
||||
|
||||
.include <bsd.own.mk>
|
||||
|
||||
CONFIGFILES= daily.conf monthly.conf security.conf weekly.conf
|
||||
CONFIGFILES= daily.conf monthly.conf pkgpath.conf security.conf weekly.conf
|
||||
FILESDIR= /etc/defaults
|
||||
FILESMODE= ${NONBINMODE}
|
||||
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
# $NetBSD: pkgpath.conf,v 1.1 2013/05/01 05:36:25 agc Exp $
|
||||
#
|
||||
# /etc/defaults/pkgpath.conf --
|
||||
# default configuration of /etc/pkgpath.conf
|
||||
#
|
||||
# packaging tools configuration
|
||||
#
|
||||
# DO NOT EDIT THIS FILE DIRECTLY; IT MAY BE REPLACED DURING A SYSTEM UPGRADE.
|
||||
# EDIT /etc/pkgpath.conf INSTEAD.
|
||||
#
|
||||
|
||||
pkg_admin=/usr/sbin/pkg_admin
|
||||
pkg_info=/usr/sbin/pkg_info
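Review bot: The header comment of the new defaults file says only "packaging tools configuration"; it does not say who reads the file or what form the values must take. Since /etc/daily and /etc/security source it with `.` and then run the values as commands, I would add a comment such as `# Sourced as sh(1) by /etc/daily and /etc/security; values must be absolute paths to the pkg tools.` above the two assignments. The install mode comes from `FILESMODE= ${NONBINMODE}` in the Makefile section; it is worth confirming that this leaves the file writable only by root, because its contents decide which binaries those scripts execute.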
|
|
@ -1,4 +1,4 @@
|
|||
# $NetBSD: security.conf,v 1.24 2012/04/05 09:09:27 spz Exp $
|
||||
# $NetBSD: security.conf,v 1.25 2013/05/01 05:36:25 agc Exp $
|
||||
#
|
||||
# /etc/defaults/security.conf --
|
||||
# default configuration of /etc/security.conf
|
||||
|
@ -30,7 +30,6 @@ check_pkg_signatures=YES
|
|||
backup_dir=/var/backups
|
||||
backup_uses_rcs=YES
|
||||
diff_options=-u
|
||||
pkg_info=/usr/sbin/pkg_info
|
||||
|
||||
check_homes_permit_usergroups=NO
|
||||
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
# $NetBSD: pkgpath.conf,v 1.1 2013/05/01 05:36:25 agc Exp $
|
||||
#
|
||||
# packaging tools configuration
|
||||
|
||||
if [ -r /etc/defaults/pkgpath.conf ]; then
|
||||
. /etc/defaults/pkgpath.conf
|
||||
fi
|
||||
|
||||
# Add local overrides below
|
||||
#
|
11
etc/security
11
etc/security
|
@ -1,6 +1,6 @@
|
|||
#!/bin/sh -
|
||||
#
|
||||
# $NetBSD: security,v 1.111 2012/04/05 09:09:27 spz Exp $
|
||||
# $NetBSD: security,v 1.112 2013/05/01 05:36:25 agc Exp $
|
||||
# from: @(#)security 8.1 (Berkeley) 6/9/93
|
||||
#
|
||||
|
||||
|
@ -21,6 +21,9 @@ TZ=UTC; export TZ
|
|||
if [ -s /etc/security.conf ]; then
|
||||
. /etc/security.conf
|
||||
fi
|
||||
if [ -s /etc/pkgpath.conf ]; then
|
||||
. /etc/pkgpath.conf
|
||||
fi
|
||||
|
||||
# Set reasonable defaults (if they're not set in security.conf)
|
||||
#
|
||||
|
@ -926,7 +929,7 @@ fi
|
|||
if checkyesno check_pkgs && have_pkgs; then
|
||||
pkgs=$work_dir/pkgs
|
||||
migrate_file "$backup_dir/pkgs" "$pkgs"
|
||||
pkg_dbdir=$(pkg_admin config-var PKG_DBDIR)
|
||||
pkg_dbdir=$(${pkg_admin} config-var PKG_DBDIR)
|
||||
: ${pkg_dbdir:=/var/db/pkg}
|
||||
( cd $pkg_dbdir
|
||||
$pkg_info | sort
|
||||
|
@ -1009,7 +1012,7 @@ fi
|
|||
|
||||
if have_pkgs; then
|
||||
if checkyesno check_pkg_vulnerabilities; then
|
||||
pkg_admin ${_compat_K_flag} audit >${OUTPUT} 2>&1
|
||||
${pkg_admin} ${_compat_K_flag} audit >${OUTPUT} 2>&1
|
||||
if [ -s ${OUTPUT} ]; then
|
||||
printf "\nInstalled vulnerable packages:\n"
|
||||
cat ${OUTPUT}
|
||||
|
@ -1017,7 +1020,7 @@ if have_pkgs; then
|
|||
fi
|
||||
|
||||
if checkyesno check_pkg_signatures; then
|
||||
pkg_admin ${_compat_K_flag} check >${OUTPUT} 2>&1
|
||||
${pkg_admin} ${_compat_K_flag} check >${OUTPUT} 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
printf "\nFiles with invalid signatures:\n"
|
||||
cat ${OUTPUT}
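Review bot: In the `-21,6 +21,9` hunk, /etc/pkgpath.conf is sourced after /etc/security.conf, so a site-specific `pkg_info=` set in security.conf is now silently overwritten. The new /etc/pkgpath.conf pulls in /etc/defaults/pkgpath.conf, which assigns `pkg_info=/usr/sbin/pkg_info` unconditionally, and this commit also drops the `pkg_info` default from defaults/security.conf. Administrators who pointed `pkg_info` at a different path in security.conf (assuming that was a supported override) would find the `$pkg_info | sort` package listing running a different binary after the upgrade, with nothing to tell them. Either source pkgpath.conf before security.conf, or add a comment at the new block such as `# pkg_info/pkg_admin overrides belong in /etc/pkgpath.conf; it is read last and wins`.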
|
||||
|
|