Date: Thu, 19 Apr 2007 21:15:52 +0200 (CEST) From: Sten Spans <sten@mx0.blinkenlights.nl> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/111915: Update port: make setuid operation configurable Message-ID: <20070419191552.0F19873031@mx0.blinkenlights.nl> Resent-Message-ID: <200704191940.l3JJeBSE034144@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 111915 >Category: ports >Synopsis: Update port: make setuid operation configurable >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Thu Apr 19 19:40:10 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Sten Spans >Release: FreeBSD 6.2-RELEASE i386 >Organization: >Environment: System: FreeBSD earth.blinkenlights.nl 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Sun Jan 28 15:02:12 CET 2007 root@earth.blinkenlights.nl:/usr/obj/usr/src/sys/1650 i386 >Description: Make setuid operation and user creation configurable, as requested by users >How-To-Repeat: >Fix: diff -Nru powerdns-recursor/Makefile powerdns-recursor.new/Makefile --- Makefile.orig Tue Feb 6 22:59:35 2007 +++ Makefile Thu Apr 19 02:44:48 2007 @@ -7,7 +7,7 @@ PORTNAME= powerdns-recursor PORTVERSION= 3.1.4 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= dns ipv6 MASTER_SITES= http://downloads.powerdns.com/releases/ \ http://mirrors.evolva.ro/powerdns.com/releases/ @@ -20,9 +20,10 @@ USE_BZIP2= yes USE_GMAKE= yes -USE_GCC= 3.4 +USE_GCC= 3.4+ -OPTIONS= STATIC "Enable Full STATIC" off +OPTIONS= STATIC "Enable Full STATIC" off \ + SETUID "Run as pdns_recursor user" on CXXFLAGS+= -I${LOCALBASE}/include LDFLAGS+= -L${LOCALBASE}/lib @@ -41,6 +42,10 @@ PLIST_SUB+= STATIC="@comment " .endif +.if defined(WITH_SETUID) +EXTRA_PATCHES+= ${PATCHDIR}/extrapatch-setuid +.endif + .if exists(/usr/include/ucontext.h) && ${OSVERSION} >= 500000 UCONTEXT!= ${AWK} '/setcontext/ { print "YES" }' \ /usr/include/ucontext.h @@ -58,8 +63,10 @@ ${WRKSRC}/config.h +.if defined(WITH_SETUID) pre-install: @${ECHO} "==> Creating custom user to run pdns_recursor..." @${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL +.endif post-install: .if !exists(${PREFIX}/etc/pdns/recursor.conf) diff -Nru powerdns-recursor/files/extrapatch-setuid powerdns-recursor.new/files/extrapatch-setuid --- files/extrapatch-setuid Thu Jan 1 01:00:00 1970 +++ files/extrapatch-setuid Thu Apr 19 02:43:41 2007 @@ -0,0 +1,13 @@ +--- pdns_recursor.cc.orig Wed Jan 17 23:45:51 2007 ++++ pdns_recursor.cc Thu Jan 18 00:01:47 2007 +@@ -1669,8 +1669,8 @@ + ::arg().set("daemon","Operate as a daemon")="yes"; + ::arg().set("log-common-errors","If we should log rather common errors")="yes"; + ::arg().set("chroot","switch to chroot jail")=""; +- ::arg().set("setgid","If set, change group id to this gid for more security")=""; +- ::arg().set("setuid","If set, change user id to this uid for more security")=""; ++ ::arg().set("setgid","If set, change group id to this gid for more security")="pdns"; ++ ::arg().set("setuid","If set, change user id to this uid for more security")="pdns_recursor"; + #ifdef WIN32 + ::arg().set("quiet","Suppress logging of questions and answers")="off"; + ::arg().setSwitch( "register-service", "Register the service" )= "no"; diff -Nru powerdns-recursor/files/patch-pdns_nameserver.cc powerdns-recursor.new/files/patch-pdns_nameserver.cc --- patch-pdns_nameserver.cc Thu Jan 18 19:57:26 2007 +++ files/patch-pdns_nameserver.cc Thu Apr 19 02:43:59 2007 @@ -1,16 +1,5 @@ --- pdns_recursor.cc.orig Wed Jan 17 23:45:51 2007 +++ pdns_recursor.cc Thu Jan 18 00:01:47 2007 -@@ -1669,8 +1669,8 @@ - ::arg().set("daemon","Operate as a daemon")="yes"; - ::arg().set("log-common-errors","If we should log rather common errors")="yes"; - ::arg().set("chroot","switch to chroot jail")=""; -- ::arg().set("setgid","If set, change group id to this gid for more security")=""; -- ::arg().set("setuid","If set, change user id to this uid for more security")=""; -+ ::arg().set("setgid","If set, change group id to this gid for more security")="pdns"; -+ ::arg().set("setuid","If set, change user id to this uid for more security")="pdns_recursor"; - #ifdef WIN32 - ::arg().set("quiet","Suppress logging of questions and answers")="off"; - ::arg().setSwitch( "register-service", "Register the service" )= "no"; @@ -1691,7 +1691,7 @@ ::arg().set("client-tcp-timeout","Timeout in seconds when talking to TCP clients")="2"; ::arg().set("max-tcp-clients","Maximum number of simultaneous TCP clients")="128"; >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070419191552.0F19873031>