trunk "dropPrivileges" question(Re: ruby, macports trunk and setgid)
kimura wataru
kimuraw at macports.org
Tue Apr 14 05:31:53 PDT 2009
Hi,
I reproduced the problem #19131 on ppc 10.4.11 with trunk r49611.
but succeeded build on ppc 10.5.3 and i386 10.5.6.
ruby port runs ruby(+miniruby) in build process, then ruby do not
allow some options (-I, -r, -e,..) under uid <> euid or gid <> egid
for security reasons.
I tested `sudo port build ruby' on the follwing environments and
watched the values of uid, euid, gid and egid from running ruby/miniruby.
uid euid gid egid
-------------------------------------
ppc 10.4 0 0 0 -1
ppc 10.5 0 0 0 0
i38610.5 0 0 0 0
all of port system says:
DEBUG: changing euid/egid - current euid: 0 - current egid: -1
DEBUG: egid changed to: -1
DEBUG: euid changed to: 0
which value of egid, getegid() returns, is the right value, -1 or 0?
On Wed, 08 Apr 2009 09:08:32 -0700, David Evans wrote:
> Ruby fails to build using the usual
>
> sudo port install/upgrade ruby
>
> when using MacPorts trunk (but not 1.7.1) because port runs setgid
> and miniruby that is built and used in the build
> sees that as a security problem and will not run as requested.
>
> Is this a problem or is there a way to get around this? Are there
> other ports that don't like running setgid?
>
> See https://trac.macports.org/ticket/19131
> _______________________________________________
> macports-dev mailing list
> macports-dev at lists.macosforge.org
> http://lists.macosforge.org/mailman/listinfo.cgi/macports-dev
More information about the macports-dev
mailing list