[pkgsrc/trunk]: pkgsrc/x11/kdelibs3 Fix a serious security issue for platform...

[hasso <hasso%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/424b1bbf4d21
branches:  trunk
changeset: 394847:424b1bbf4d21
user:      hasso <hasso%pkgsrc.org@localhost>
date:      Tue Jun 16 16:09:36 2009 +0000

description:
Fix a serious security issue for platforms using kgrantpty (NetBSD isn't
such, but DragonFly is): ${SETUID_ROOT_PERMS} doesn't work for suid
kgrantpty, because the locate() method used to find the path to the binary
expects it to have a read permissions set.

diffstat:

 x11/kdelibs3/Makefile |  8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)

diffs (26 lines):

diff -r ce1127fd42e2 -r 424b1bbf4d21 x11/kdelibs3/Makefile
--- a/x11/kdelibs3/Makefile     Tue Jun 16 15:42:30 2009 +0000
+++ b/x11/kdelibs3/Makefile     Tue Jun 16 16:09:36 2009 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.140 2008/08/27 12:02:31 markd Exp $
+# $NetBSD: Makefile,v 1.141 2009/06/16 16:09:36 hasso Exp $
 
 DISTNAME=      kdelibs-${_KDE_VERSION}
+PKGREVISION=   1
 CATEGORIES=    x11
 COMMENT=       Support libraries for the KDE integrated X11 desktop
 
@@ -57,9 +58,12 @@
 SUBST_SED.kdemagic=    -n -e 'p' -e 's:/usr/local/bin:${LOCALBASE}/bin:p'
 
 SPECIAL_PERMS+=        ${PREFIX}/bin/fileshareset      ${SETUID_ROOT_PERMS}
-SPECIAL_PERMS+=        ${PREFIX}/bin/kgrantpty         ${SETUID_ROOT_PERMS}
 SPECIAL_PERMS+=        ${PREFIX}/bin/kpac_dhcp_helper  ${SETUID_ROOT_PERMS}
 
+# ${SETUID_ROOT_PERMS} doesn't work here because the locate() method used to
+# find the path to the kgrantpty expects it to have read permissions set.
+SPECIAL_PERMS+=        ${PREFIX}/bin/kgrantpty ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 4555
+
 .include "options.mk"
 
 PLIST_VARS+=           kded