
Re: [alpine-aports] [PATCH] main/sshfs: post-install

From: Timo Teras <timo.teras_at_iki.fi>
Date: Fri, 6 Feb 2015 16:58:52 +0200

While I understand what it's trying to fix, and why you suggest this,
it is not correct on multiple levels:
- apk packages need to be installable non-interactively
- adding to readproc allows lots of other stuff
- the fix should be to:
  1) make sshfs not read those files, or not fail if they are not
  readable
  2) fix grsec proc permissions to allow it to work

Do you know which files sshfs needs that are not readable for a regular
user?

On Fri, 6 Feb 2015 14:28:59 +0000
Stuart Cardall <developer_at_it-offshore.co.uk> wrote:

> Small post-install script giving the option to selectively add normal
> users to group readproc so they can mount sshfs under grsecurity.
> ---
> main/sshfs/APKBUILD | 4 +++-
> main/sshfs/sshfs.post-install | 29 +++++++++++++++++++++++++++++
> 2 files changed, 32 insertions(+), 1 deletion(-)
> create mode 100644 main/sshfs/sshfs.post-install
>
> diff --git a/main/sshfs/APKBUILD b/main/sshfs/APKBUILD
> index 6b3c3b4..07897f6 100644
> --- a/main/sshfs/APKBUILD
> +++ b/main/sshfs/APKBUILD
> _at_@ -8,7 +8,9 @@ arch="all"
> license="GPL"
> depends="openssh-client"
> makedepends="pkgconfig fuse-dev glib-dev"
> -source="http://downloads.sourceforge.net/sourceforge/fuse/sshfs-fuse-$pkgver.tar.gz"
> +source="http://downloads.sourceforge.net/sourceforge/fuse/sshfs-fuse-$pkgver.tar.gz
> + $pkgname.setup
> + "
>
> _builddir="$srcdir"/sshfs-fuse-$pkgver
> build ()
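
Review bot: The `source=` addition lists `$pkgname.setup`, but the only file this patch creates is `main/sshfs/sshfs.post-install`, so the build would look for an `sshfs.setup` that is not in the tree and the new script would never be attached to the package. Install scripts are declared with `install="$pkgname.post-install"` rather than in `source=`; revert the `source=` change and add that line instead.
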
> diff --git a/main/sshfs/sshfs.post-install
> b/main/sshfs/sshfs.post-install new file mode 100644
> index 0000000..852cdfa
> --- /dev/null
> +++ b/main/sshfs/sshfs.post-install
> _at_@ -0,0 +1,29 @@
> +#!/bin/sh
> +
> +NORMAL="\033[1;0m"
> +STRONG="\033[1;1m"
> +GREEN="\033[1;32m"
> +
> +print_strong() {
> + local prompt="${STRONG}$1 ${GREEN}$2${NORMAL}"
> + printf "${prompt} %s"
> +}
> +
> +user_list=$(awk -F':' '{ if ( $3 >= 1000 && $1 != "nobody" ) print
> $1}' /etc/passwd) +group=readproc
> +
> +if [ -n "$user_list" ]; then
> + print_strong "\nAdd normal system users to group '$group'"
> "(to allow sshfs mounting) [y/N]:"
> + read answer
> +
> + case "$answer" in
> + y*|Y*) for user in $user_list; do
> + read -p "Add '$user' to Group
> '$group'?: [y/N] " answer
> + case "$answer" in
> + y*|Y*) addgroup $user
> readproc;;
> + esac
> + done;;
> + esac
> +fi
> +exit 0
> +
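
Review bot: The script waits on `read answer` and then on `read -p ...` once per matching user, so an unattended `apk add sshfs` either hangs on the prompt or, when stdin is closed, falls through and changes nothing; a post-install script should not prompt at all. If group membership is kept as the remedy, leave it to the administrator and document it, because `readproc` membership is a broad grant to hand out for one tool. Smaller points in the same hunk: `read -p` is not POSIX `sh`, `printf "${prompt} %s"` passes data as the format string with no argument for `%s`, and `addgroup $user readproc` ignores the `$group` variable and leaves `$user` unquoted.
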



Received on Fri Feb 06 2015 - 16:58:52 GMT