Fix a potential root exploit in runtar that would allow any user to run

tar as root.

PR:		15577
Submitted by:	AnarCat <beaupran@iro.umontreal.ca>

2 files changed, 39 insertions, 0 deletions

diff --git a/misc/amanda/Makefile b/misc/amanda/Makefile
index df0471af745d..c4dcc3ce2239 100644
--- a/misc/amanda/Makefile
+++ b/misc/amanda/Makefile
@@ -45,5 +45,6 @@ post-install:
 .endfor
 	@${MKDIR} ${PREFIX}/share/examples/amanda
 	${INSTALL_DATA} ${WRKSRC}/example/* ${PREFIX}/share/examples/amanda
+	@${SETENV} PKG_PREFIX=${PREFIX} ${SH} ${PKGDIR}/INSTALL ${PKGNAME} POST-INSTALL
 
 .include <bsd.port.mk>
diff --git a/misc/amanda/pkg-install b/misc/amanda/pkg-install
new file mode 100644
index 000000000000..707f96fa597c
--- /dev/null
+++ b/misc/amanda/pkg-install
@@ -0,0 +1,38 @@
+#! /bin/sh
+
+if [ "X$2" != "XPOST-INSTALL" ]; then
+    exit 0
+fi
+
+echo -n "Adding necessary groups and modifying permissions on "
+echo "${PKG_PREFIX}/libexec/amanda dir" 
+
+group=amanda
+
+if pw groupshow "${group}" 2>/dev/null; then
+    echo "You already have a group \"${group}\", so I will use it."
+else
+    echo "You need a group \"${group}\"."
+    if [ -z "${PACKAGE_BUILDING}" -a -z "${BATCH}" ]; then
+        read -p "Would you like me to create it? [Y] " ans
+    fi
+    if [ x$ans = x ]; then
+        ans=y
+    fi
+    case "$ans" in
+    [Yy]*)
+        pw groupadd ${group} -h - || exit
+        echo "Done."
+	;;
+    *)
+        echo "Please create it, and try again."
+	exit 1
+	;;
+    esac
+fi
+
+echo "Modifying permissions on ${PKG_PREFIX}/libexec/amanda"
+/sbin/chown root:amanda ${PKG_PREFIX}/libexec/amanda
+/bin/chmod 510 ${PKG_PREFIX}/libexec/amanda
+/sbin/chown root:amanda ${PKG_PREFIX}/libexec/amanda/*
+/bin/chmod 4550 ${PKG_PREFIX}/libexec/amanda/*