[MacPorts] #30992: virtualbox: enable hardening

MacPorts noreply at macports.org
Sat Sep 10 20:04:01 PDT 2011 

#30992: virtualbox: enable hardening
--------------------------------------+-------------------------------------
  Reporter:  ryandesign@…             |       Owner:  rmstonecipher@…           
      Type:  enhancement              |      Status:  closed                    
  Priority:  Normal                   |   Milestone:                            
 Component:  ports                    |     Version:  2.0.1                     
Resolution:  fixed                    |    Keywords:                            
      Port:  virtualbox               |  
--------------------------------------+-------------------------------------

Comment(by carsomyr@…):

 Replying to [comment:32 ecronin@…]:
 > Replying to [comment:31 carsomyr@…]:
 > > > * You also need to check that no part of the path is a+w like
 comment 1 part 6 says.
 > >
 > > Does this warrant action?  The correct permissions for MacPorts
 VirtualBox just are; they're a consequence of the build process, and I've
 verified that none of them are a+w.
 > >
 > > -Roy
 >
 > The build process changes the permissions of /Applications or
 /Users/username if they've been made o+w for some reason?  What MacPorts
 installs into its directories is correct, but it has no control over what
 is before it in the hierarchy and VirtualBox cares about that.  Don't
 count on users always knowing what they're doing, e.g.
 http://stackoverflow.com/questions/663089/unable-to-make-applications-
 folder-writeable-in-mac (from personal experience, OS 9 transplants used
 to love doing this to make it more familiar; they'd throw the -R flag in
 too for good measure.  Plenty of bad advice on how to "fix" things exists
 in Google still)

 Ah, I see, we are talking past each other.  I was questioning the
 necessity of permissions checking inside the VirtualBox hierarchy and not
 its parent directories.  Still, I wonder why making higher level
 directories writeable could possibly allow other users to affect anything
 within /Applications/MacPorts/VirtualBox.  Still going to put in the
 change, though.

 -Roy

-- 
Ticket URL: <https://trac.macports.org/ticket/30992#comment:33>
MacPorts <http://www.macports.org/>
Ports system for Mac OS

More information about the macports-tickets mailing list