X-Original-To: alpine-aports@lists.alpinelinux.org Delivered-To: alpine-aports@mail.alpinelinux.org Received: from mail-la0-f51.google.com (mail-la0-f51.google.com [209.85.215.51]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mail.alpinelinux.org (Postfix) with ESMTPS id 675DBDC00EA for ; Sat, 7 Feb 2015 07:38:14 +0000 (UTC) Received: by labpv20 with SMTP id pv20so5194649lab.7 for ; Fri, 06 Feb 2015 23:38:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:date:from:to:cc:subject:message-id:in-reply-to:references :mime-version:content-type:content-transfer-encoding; bh=NXg8OtSbK9t57U7nTMzeliq3K0VJlIct9O/DwwMFFd0=; b=CESvvcNbXk7OyLchl45j7lx5qlq5HI6SoPnGGwaXnkh6fWJp3YBGgcxTMT0Ae+Ux/T nt5C/LV+miihg1TUhpzxuA/M8QRr28yaqQAWsIUyQvYkEUYNeG+MOLeY87qaJfDpIlB6 5BEIyJOqlHaPdAtTxciom/rvRrY01M/t2Md4KYCzun6r1/F/kcwBwWtEKwzLVG6FnhZ2 VmFwzL0khGaNzJASc34Nx6C0wJYX8iBjwU+bwInZmUOMiQtUtkC8ASb7KdCemRjBs31x QQDw5UkMbEj5w1mooE2fyiZ/7Vkk8TZQr1RKAf4+tfNvmvR1bLEaLhrWFXXD1jntUrvt v8LQ== X-Received: by 10.112.159.195 with SMTP id xe3mr6329100lbb.64.1423294692370; Fri, 06 Feb 2015 23:38:12 -0800 (PST) Received: from vostro ([83.145.235.202]) by mx.google.com with ESMTPSA id k1sm789194laf.19.2015.02.06.23.38.12 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 06 Feb 2015 23:38:12 -0800 (PST) Sender: =?UTF-8?Q?Timo_Ter=C3=A4s?= Date: Sat, 7 Feb 2015 09:37:39 +0200 From: Timo Teras To: Stuart Cardall Cc: alpine-aports@lists.alpinelinux.org Subject: Re: [alpine-aports] [PATCH] main/sshfs: add /sbin/setup-sshfs Message-ID: <20150207093739.783a0b1d@vostro> In-Reply-To: <1423243837-4739-1-git-send-email-developer@it-offshore.co.uk> References: <1423243837-4739-1-git-send-email-developer@it-offshore.co.uk> X-Mailer: Claws Mail 3.11.1 (GTK+ 2.24.25; x86_64-alpine-linux-musl) X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Hi, I am still not going to apply this in any form. It is not acceptable to add users to 'readproc' group for this reason. This is a bug in fuse or musl. I'll file a bug, and fix it properly so this is not needed. My initial look would imply this is a bug in musl's realpath() implementation not working with setsuid binaries when they have set fs user to something else. Thanks, Timo On Fri, 6 Feb 2015 17:30:37 +0000 Stuart Cardall wrote: > revised patch with the setup script moved to /sbin > --- > main/sshfs/APKBUILD | 16 ++++++++++++---- > main/sshfs/sshfs.setup | 29 +++++++++++++++++++++++++++++ > 2 files changed, 41 insertions(+), 4 deletions(-) > create mode 100644 main/sshfs/sshfs.setup > > diff --git a/main/sshfs/APKBUILD b/main/sshfs/APKBUILD > index 6b3c3b4..8727b06 100644 > --- a/main/sshfs/APKBUILD > +++ b/main/sshfs/APKBUILD > @@ -8,7 +8,9 @@ arch="all" > license="GPL" > depends="openssh-client" > makedepends="pkgconfig fuse-dev glib-dev" > -source="http://downloads.sourceforge.net/sourceforge/fuse/sshfs-fuse-$pkgver.tar.gz" > +source="http://downloads.sourceforge.net/sourceforge/fuse/sshfs-fuse-$pkgver.tar.gz > + $pkgname.setup > + " > > _builddir="$srcdir"/sshfs-fuse-$pkgver > build () > @@ -25,8 +27,14 @@ build () > package() { > cd "$_builddir" > make DESTDIR="$pkgdir" install || return 1 > + install -m755 -D "$srcdir"/$pkgname.setup \ > + "$pkgdir"/sbin/setup-$pkgname || return 1 > + > } > > -md5sums="17494910db8383a366b1301e5f5148a9 sshfs-fuse-2.5.tar.gz" > -sha256sums="e9171452e5d0150b9c6a2158fd2e2dcefb5d5d03ba4d208949e00a3a46c6e63e > sshfs-fuse-2.5.tar.gz" > -sha512sums="48ae4008d10fe66b843ff1e891627f8262e00d064fec048c8c1189507e757994e81e4fa2deb4d8d56cff0d1818efe4a692494b9c48a01c6c79c626acefa1b53e > sshfs-fuse-2.5.tar.gz" +md5sums="17494910db8383a366b1301e5f5148a9 > sshfs-fuse-2.5.tar.gz +006b92e3a95f7156e3f8f99493262d01 sshfs.setup" > +sha256sums="e9171452e5d0150b9c6a2158fd2e2dcefb5d5d03ba4d208949e00a3a46c6e63e > sshfs-fuse-2.5.tar.gz > +96722ab9c7cb961266d4f684ea3e3b53e3fcddd513f7273c7a29cd6af69e1b23 > sshfs.setup" > +sha512sums="48ae4008d10fe66b843ff1e891627f8262e00d064fec048c8c1189507e757994e81e4fa2deb4d8d56cff0d1818efe4a692494b9c48a01c6c79c626acefa1b53e > sshfs-fuse-2.5.tar.gz > +4bfaa2d9da94a09c4c7f6f93242f5ff503beb4b273df14e39ae14eb0902d0b92a0359395c2674d8c5c0ecf077ee6ab70c93b6497947e53d0972c58f8f8e6c5e9 > sshfs.setup" diff --git a/main/sshfs/sshfs.setup > b/main/sshfs/sshfs.setup new file mode 100644 index 0000000..e89d5bc > --- /dev/null +++ b/main/sshfs/sshfs.setup @@ -0,0 +1,29 @@ +#!/bin/sh > + > +NORMAL="\033[1;0m" > +STRONG="\033[1;1m" > +GREEN="\033[1;32m" > + > +print_strong() { > + local prompt="${STRONG}$1 ${GREEN}$2${NORMAL}" > + printf "${prompt} %s" > +} > + > +user_list=$(awk -F':' '{ if ( $3 >= 1000 && $1 != "nobody" ) print > $1}' /etc/passwd) +group=readproc > + > +if [ -n "$user_list" ]; then > + print_strong "\nAdd normal system users to group '$group'" > "(to allow sshfs mounting) [y/N]:" > + read answer > + > + case "$answer" in > + y*|Y*) for user in $user_list; do > + read -p "Add '$user' to Group > '$group'?: [y/N] " answer > + case "$answer" in > + y*|Y*) addgroup $user $group;; > + esac > + done;; > + esac > +fi > +exit 0 > + --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---