trunk "dropPrivileges" question(Re: ruby, macports trunk and setgid)

kimura wataru kimuraw at macports.org
Tue Apr 14 05:31:53 PDT 2009


Hi,

I reproduced the problem #19131 on ppc 10.4.11 with trunk r49611.
but succeeded build on ppc 10.5.3 and i386 10.5.6.
ruby port runs ruby(+miniruby) in build process, then ruby do not 
allow some options (-I, -r, -e,..) under uid <> euid or gid <> egid
for security reasons.

I tested `sudo port build ruby' on the follwing environments and
watched the values of uid, euid, gid and egid from running ruby/miniruby.

             uid   euid      gid   egid
  -------------------------------------
  ppc 10.4     0      0        0     -1 
  ppc 10.5     0      0        0      0  
  i38610.5     0      0        0      0

all of port system says:
  DEBUG: changing euid/egid - current euid: 0 - current egid: -1 
  DEBUG: egid changed to: -1 
  DEBUG: euid changed to: 0 

which value of egid, getegid() returns, is the right value, -1 or 0?

On Wed, 08 Apr 2009 09:08:32 -0700, David Evans wrote:
> Ruby fails to build using the usual
> 
> sudo port install/upgrade ruby
> 
> when using MacPorts trunk (but not 1.7.1) because port runs setgid 
> and miniruby that is built and used in the build
> sees that as a security problem and will not run as requested.
> 
> Is this a problem or is there a way to get around this? Are there 
> other ports that don't like running setgid?
> 
> See https://trac.macports.org/ticket/19131
> _______________________________________________
> macports-dev mailing list
> macports-dev at lists.macosforge.org
> http://lists.macosforge.org/mailman/listinfo.cgi/macports-dev


More information about the macports-dev mailing list