Solved pkg audit - insufficient privileges

I tried as root pkg audit -F
get:
Code:
pkg audit -F
vulnxml file up-to-date
pkg: Insufficient privileges to read the package database

On FreeBSD-10.3-RELEASE (amd64).
Code:
pkg -v
1.9.1
 
This is probably a bug where the new privilege drop (which is a very nice feature security wise) is applied incorrectly, the -F option definitely needs superuser privileges for the fetch and store part of the operation.
 
What are the permissions of /var/db/pkg/ and the files therein?
 
Code:
ls -al /var/db/pkg|more
total 137316
drwxr-x--x  1466 root  wheel     42496 21 Okt 16:09 .
drwxr-xr-x    20 root  wheel      1024 21 Okt 16:43 ..

all other
either like this
Code:
drwxr-xr-x     2 root  wheel       512 25 Sep  2015 CoinMP-1.8.3
or
-rw-r--r--     1 root  wheel       246  9 Okt 01:17 FreeBSD.meta
 
No
Code:
root ALL=(ALL) ALL
%sudo  ALL=(ALL) ALL
%wheel ALL=(ALL) ALL

And I changed nothing with permissions in the last time.
I saw the problem first time for half an hour.
 
Do you have some peculiar sudo set up? I can't replicate the problem on 11.0-RELEASE-p1 using root shell or sudo(8).
Works for me too on FreeBSD 10.3-RELEASE.
drwxr-x--x 1466 root wheel 42496 21 Okt 16:09 .
That's not right. /var/db/pkg needs to be world readable. pkg now drops privileges to the nobody user before accessing the package database. This might have worked before but not with newer pkg versions. A chmod 755 /var/db/pkg should fix this.
 
Back
Top