Date: Sun, 20 Nov 2016 22:17:59 -0500 (EST) From: Igor Roshchin <freebsd@str.komkon.org> To: sunpoet@FreeBSD.org Cc: FreeBSD Port Management Team <portmgr@FreeBSD.org> Subject: tinyproxy port is unfixed for long time with several problems Message-ID: <alpine.BSF.2.20.1611180905190.96963@tissa.komkon.org> Resent-Message-ID: <05559e73-461a-ac7b-fda0-399717a47f63@mat.cc>
next in thread | raw e-mail | index | archive | help
Hello! A few days ago, I installed tinyproxy port from the package (pkg install). I see that tinyproxy [still] has two problems that had been reported and discussed in various venues, including at least one FreeBSD bug report. Unfortunately, nothing has been done with that for a long time. 1. Problem #1: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207051 - see the initial description by Jason Mann there: Daemon is listening on ipv6 only. 2. Problem #2: https://github.com/tinyproxy/tinyproxy/issues/24 Daemon is unable to create the .pid file in /var/run due to dropped privelege. A possible solution: create /var/run/tinyproxy owned by nobody:nobody and change the pid file to /var/run/tinyproxy/tinyproxy.pid There is some resistance from @obnoxxx, but I suspect (and hope) it is from the misunderstanding. There is a more detailed explanation of what could be done (see the recent post by St-Ranger there). And an optional change, but useful (IMHO) from the security point of view: 3. Replace the user/group "nobody" used by the daemon to the dedicated "tinyproxy:tinyproxy". This would separate this server from any other, - in the way that is done with several other ports on FreeBSD. Best regards, Igor
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.20.1611180905190.96963>