[135851] trunk/base/src

cal at macports.org cal at macports.org
Tue May 5 10:33:30 PDT 2015 

Revision: 135851
          https://trac.macports.org/changeset/135851
Author:   cal at macports.org
Date:     2015-05-05 10:33:30 -0700 (Tue, 05 May 2015)
Log Message:
-----------
base: Avoid overlap between existsuser/existsgroup error code and root/wheel's UID/GID, closes #45737

Return -1 from existsuser and existsgroup when a user or group does not exist.
Because these commands return the UID or GID in case of success, they could not
be used to check for the existence of the root user or the wheel group (UID/GID
0).

Since existsuser and existsgroup are used in adduser and addgroup in
port1.0/portutil.tcl, putting add_user root into a Portfile would make MacPorts
trash the system's root user by replacing it with a new user with a non-zero
UID, effectively stripping the root user from its privileges.

This caused a problem in the dbus port when installed in a root MacPorts
installation with the +no_root variant, which is explained in #45737.

Modified Paths:
--------------
    trunk/base/src/pextlib1.0/Pextlib.c
    trunk/base/src/port1.0/portutil.tcl

Modified: trunk/base/src/pextlib1.0/Pextlib.c
===================================================================
--- trunk/base/src/pextlib1.0/Pextlib.c	2015-05-05 17:24:04 UTC (rev 135850)
+++ trunk/base/src/pextlib1.0/Pextlib.c	2015-05-05 17:33:30 UTC (rev 135851)
@@ -216,7 +216,7 @@
     }
 
     if (pwent == NULL) {
-        tcl_result = Tcl_NewIntObj(0);
+        tcl_result = Tcl_NewIntObj(-1);
     } else {
         tcl_result = Tcl_NewIntObj(pwent->pw_uid);
     }
@@ -244,7 +244,7 @@
     }
 
     if (grent == NULL) {
-        tcl_result = Tcl_NewIntObj(0);
+        tcl_result = Tcl_NewIntObj(-1);
     } else {
         tcl_result = Tcl_NewIntObj(grent->gr_gid);
     }

Modified: trunk/base/src/port1.0/portutil.tcl
===================================================================
--- trunk/base/src/port1.0/portutil.tcl	2015-05-05 17:24:04 UTC (rev 135850)
+++ trunk/base/src/port1.0/portutil.tcl	2015-05-05 17:33:30 UTC (rev 135851)
@@ -2366,7 +2366,7 @@
         }
     }
 
-    if {[existsuser ${name}] != 0 || [existsuser ${uid}] != 0} {
+    if {[existsuser ${name}] != -1 || [existsuser ${uid}] != -1} {
         return
     }
 
@@ -2474,7 +2474,7 @@
         }
     }
 
-    if {[existsgroup ${name}] != 0 || [existsgroup ${gid}] != 0} {
+    if {[existsgroup ${name}] != -1 || [existsgroup ${gid}] != -1} {
         return
     }
 
@@ -3042,7 +3042,7 @@
 proc validate_macportsuser {} {
     global macportsuser
     if {[getuid] == 0 && $macportsuser ne "root" && 
-        ([existsuser $macportsuser] == 0 || [existsgroup $macportsuser] == 0 )} {
+        ([existsuser $macportsuser] == -1 || [existsgroup $macportsuser] == -1)} {
         ui_warn "configured user/group $macportsuser does not exist, will build as root"
         set macportsuser "root"
     }
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/macports-changes/attachments/20150505/a7a00fe5/attachment.html>

More information about the macports-changes mailing list