Hoi,
before I file a bug against prtverify I'd like to discuss it on the list,
because I'm not really sure.
Prtverify produces a fatal error if a port installs a world writable
directory. AFAIK this isn't generally evil, because, if the directory
has the sticky bit set, no harm can be done. See /tmp. This function
needs to be supported by the kernel, of course. But for Linux, I
assume this is true.
Therefore I propose the attached patch, which excludes the case when
the world writable directory has the sticky bit set.
What do you think?
meillo
P.S.
I came across this issue when I prepared the ex-vi port, which
includes /var/preserve.
--- prt-utils-0.9.3.orig//lib/prtverify/30_file_permissions.awk
2009-10-06 18:41:12.000000000 +0200
+++ prt-utils-0.9.3/lib/prtverify/30_file_permissions.awk
2011-09-06 11:14:56.000000000 +0200
@@ -7,8 +7,9 @@
loglevel_ok(FATAL) && FILENAME ~ FOOTPRINT {
- if ($1 ~ /^d.......w./)
+ if ($1 ~ /^d.......w[^t]/)
perror(FATAL, "world writable directory found: " $3)
+ # only a problem if the sticky bit is not set also
if ($1 ~ /^-.......w./)
perror(FATAL, "world writable file found: " $3)
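Review bot: The character class `[^t]` in the directory test still matches a mode string ending in `T`, which (assuming the footprint uses the ls-style mode string) is a world writable directory with the sticky bit set but without execute permission for others, so that case keeps raising the FATAL error; if the intent is "sticky bit set", use `[^tT]`. The added comment is also placed after the perror() line and directly above the world writable file check, where it reads as describing that check; moving it above the directory `if` would attach it to the test it explains.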