From: Stuart Henderson
Subject: Re: Unprivileged font cache: xenocara
To: tech@openbsd.org
Date: Thu, 3 Jul 2025 13:29:45 +0100

On 2025/07/03 02:31, Anthony J. Bentley wrote:
> Stuart Henderson writes:
> > On 2025/07/01 01:41, Anthony J. Bentley wrote:
> > > + pw = getpwnam("_fc-cache");
> > > + if (!pw)
> > > + errx(1, "no _fc-cache user to revoke to");
> >
> > if _fc-cache doesn't exist yet, does it matter about setting ownership
> > back to root? (i.e. would it make sense to fallback to old behaviour
> > in case sysmerge hasn't been run to add the uid/gid yet?)
>
> I think it's fine as-is. In my tests, sysmerge did always run without
> user intervention. If for some reason sysmerge didn't run, the error
> message is clear about what's wrong. Falling back to root instead would
> cause difficulty for pkg_add if packages are updated before sysmerge,
> which seems more likely than manually running fc-cache before sysmerge,
> and would be harder to notice and to fix.

pkg_add (post-diff) won't be able to run fc_cache until the _fc-cache user
exists anyway.

> > (belt and braces: sysmerge could chown after the dir adding _fc-cache...)
>
> Yes, but IMO that's added complication that's not necessary.

It would cover the "upgrade by untarring sets" upgrade method as well as
bsd.rd though. (It could be done _instead_ of the bsd.rd change, which
would then avoid chown'ing the files to a uid that doesn't exist on the
installed system..)

It doesn't matter much either way in the typical case though.
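
Review bot: in the quoted hunk, the `if (!pw)` branch reports every NULL return from getpwnam("_fc-cache") as a missing user, but getpwnam also returns NULL when the lookup itself fails, in which case errno is set. Consider setting errno to 0 before the call and using err(1, ...) when it is non-zero afterwards, keeping errx for the not-found case, so the message matches the actual failure. The wording "to revoke to" could also name what is being revoked (privileges), since this message is what the user sees when the account has not been created yet.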