Bug 215001 - sys-power/nut ebuild cleanup
Summary: sys-power/nut ebuild cleanup
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High trivial
Assignee: Robin Johnson
Reported: 2008-03-27 01:39 UTC by Rajiv Aaron Manglani (RETIRED)
Modified: 2008-03-27 20:53 UTC
Description Rajiv Aaron Manglani (RETIRED) gentoo-dev 2008-03-27 01:39:03 UTC
On Saturday 15 March 2008, Donnie Berkholz wrote:
> 1.1                  sys-power/nut/nut-2.2.1.ebuild
>
> file :
> http://sources.gentoo.org/viewcvs.py/gentoo-x86/sys-power/nut/nut-2.2.1.ebuild?rev=1.1&view=markup
> plain:
> http://sources.gentoo.org/viewcvs.py/gentoo-x86/sys-power/nut/nut-2.2.1.ebuild?rev=1.1&content-type=text/plain
>
> src_install() {
>
...
>
>     eval fperms 0640 ${NUT_PRIVATE_FILES}
>     eval fowners root:nut ${NUT_PRIVATE_FILES}
>
>     eval fperms 0644 ${NUT_PUBLIC_FILES}
>     eval fowners root:root ${NUT_PUBLIC_FILES}
>
...
>
> pkg_postinst() {
>     # this is to ensure that everybody that installed old versions still has
>     # correct permissions
>
>     chown nut:nut "${ROOT}"/var/lib/nut 2>/dev/null
>     chmod 0700 "${ROOT}"/var/lib/nut 2>/dev/null
>
>     eval chown root:nut "${ROOT}"${NUT_PRIVATE_FILES} 2>/dev/null
>     eval chmod 0640 "${ROOT}"${NUT_PRIVATE_FILES} 2>/dev/null
>
>     eval chown root:root "${ROOT}"${NUT_PUBLIC_FILES} 2>/dev/null
>     eval chmod 0644 "${ROOT}"${NUT_PUBLIC_FILES} 2>/dev/null
>
Is there any reason why eval is used in either of these places?
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2008-03-27 20:53:43 UTC
The two variables NUT_PRIVATE_FILES and NUT_PUBLIC_FILES contain shell expansions, and unless the eval is used, the chmod/chown/fperms/fowners calls do NOT work properly.

If you do s/eval//g, and try to package, you get this:
chmod: cannot access `/dev/shm/portage/sys-power/nut-2.2.1/image//etc/nut/{upsd.conf,upsd.users,upsmon.conf}': No such file or directory
chown: cannot access `/dev/shm/portage/sys-power/nut-2.2.1/image//etc/nut/{upsd.conf,upsd.users,upsmon.conf}': No such file or directory
chmod: cannot access `/dev/shm/portage/sys-power/nut-2.2.1/image//etc/nut/{{hosts,upsset,ups,upssched}.conf,upsstats{,-single}.html}': No such file or directory
chown: cannot access `/dev/shm/portage/sys-power/nut-2.2.1/image//etc/nut/{{hosts,upsset,ups,upssched}.conf,upsstats{,-single}.html}': No such file or directory

This leads to the nut configuration files w/ password details having insecure permissions.
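
The behaviour described in the comment above, as an added example that is not part of the bug report or the ebuild: a brace pattern stored in a string is not expanded without eval, so a chmod with its errors discarded leaves the files world-readable. The scratch directory, the function names and the array variant (one way to get the same expansion without a second parse) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: scratch directory and function names are constructed.
[ -n "${BASH_VERSION:-}" ] || exec bash "$0" "$@"  # braces and arrays need bash

# Same shape as the ebuild variable: a brace pattern held in a plain string.
PRIVATE_FILES='/etc/nut/{upsd.conf,upsd.users,upsmon.conf}'

make_image() {  # scratch "image" dir holding three world-readable files
    local d
    d=$(mktemp -d) && mkdir -p "$d/etc/nut" &&
        touch "$d"/etc/nut/{upsd.conf,upsd.users,upsmon.conf} &&
        chmod 0644 "$d"/etc/nut/* && printf '%s\n' "$d"
}

modes() {  # octal modes of the files, e.g. "640 640 640"
    stat -c %a "$1"/etc/nut/* | paste -s -d ' ' -
}

no_eval() {
    # Brace expansion happens before variable expansion, so chmod receives one
    # literal path containing "{...}"; the redirect hides the resulting error.
    chmod 0640 "$1"${PRIVATE_FILES} 2>/dev/null
}

with_eval() {
    # eval re-parses the expanded string, so the braces are expanded. It also
    # re-parses every other shell metacharacter the strings may contain.
    eval chmod 0640 "$1"${PRIVATE_FILES}
}

with_array() {
    # Braces are expanded once, at assignment; no second parse is needed.
    local files=( /etc/nut/{upsd.conf,upsd.users,upsmon.conf} )
    chmod 0640 "${files[@]/#/$1}"
}

demo() {
    local d; d=$(make_image) || return 1
    no_eval "$d" || echo "no eval:    chmod failed, error hidden"
    echo "no eval:    $(modes "$d")"
    with_eval "$d" && echo "with eval:  $(modes "$d")"
    chmod 0644 "$d"/etc/nut/*
    with_array "$d" && echo "with array: $(modes "$d")"
    rm -rf "$d"
}
demo
```

The `stat -c` call assumes GNU coreutils (or BusyBox), as on a Gentoo system.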