Date: Tue, 17 Aug 2021 06:19:52 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 257906] security/sudo: add openssl support Message-ID: <bug-257906-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D257906 Bug ID: 257906 Summary: security/sudo: add openssl support Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: garga@FreeBSD.org Reporter: peter@czanik.hu Assignee: garga@FreeBSD.org Flags: maintainer-feedback?(garga@FreeBSD.org) I'm writing technical blogs about sudo, and while doing so, I discovered th= at openssl support is not enabled in the security/sudo port and it's not even available as an option. When it is enabled, one can encrypt the connection between sudo and sudo_logsrvd. The simple patch below adds optional openssl support. I think, it should be enabled by default, but for now I kept it optional.=20 root@fb130:~ # diff -u /usr/ports/security/sudo/Makefile sudo/Makefile --- /usr/ports/security/sudo/Makefile 2021-08-13 15:10:44.000000000 +0200 +++ sudo/Makefile 2021-08-11 11:20:21.962615000 +0200 @@ -28,7 +28,7 @@ --with-rundir=3D/var/run/sudo OPTIONS_DEFINE=3D LDAP INSULTS DISABLE_ROOT_SUDO DISABLE_AUTH NOARGS_SHELL= \ - AUDIT OPIE PAM PYTHON NLS SSSD DOCS EXAMPLES + AUDIT OPIE PAM PYTHON NLS SSSD DOCS EXAMPLES SSL OPTIONS_RADIO=3D KERBEROS OPTIONS_DEFAULT=3D AUDIT PAM OPTIONS_SUB=3D yes @@ -42,6 +42,7 @@ OPIE_DESC=3D Enable one-time passwords (no PAM support) PYTHON_DESC=3D Enable python plugin support SSSD_DESC=3D Enable SSSD backend support. +SSL_DESC=3D Allow encryption between sudo and sudo_logsrvd PAM_PREVENTS=3D OPIE GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT PAM_PREVENTS_MSG=3D PAM cannot be combined with any other authentication p= lugin @@ -93,6 +94,9 @@ .if defined(SUDO_KERB5_INSTANCE) CONFIGURE_ARGS+=3D --enable-kerb5-instance=3D"${SUDO_KERB5_INSTANCE}" .endif + +SSL_USES=3D ssl +SSL_CONFIGURE_ON=3D --enable-openssl .include <bsd.port.options.mk> --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-257906-7788>