Date:      Tue, 17 Aug 2021 06:19:52 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 257906] security/sudo: add openssl support
Message-ID:  <bug-257906-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=257906

            Bug ID: 257906
           Summary: security/sudo: add openssl support
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: garga@FreeBSD.org
          Reporter: peter@czanik.hu
             Flags: maintainer-feedback?(garga@FreeBSD.org)

I'm writing technical blogs about sudo, and while doing so, I discovered that
openssl support is not enabled in the security/sudo port and it's not even
available as an option. When it is enabled, one can encrypt the connection
between sudo and sudo_logsrvd.

The simple patch below adds optional openssl support. I think it should be
enabled by default, but for now I kept it optional.

root@fb130:~ # diff -u /usr/ports/security/sudo/Makefile  sudo/Makefile
--- /usr/ports/security/sudo/Makefile 2021-08-13 15:10:44.000000000 +0200
+++ sudo/Makefile 2021-08-11 11:20:21.962615000 +0200
@@ -28,7 +28,7 @@
  --with-rundir=3D/var/run/sudo

 OPTIONS_DEFINE=3D LDAP INSULTS DISABLE_ROOT_SUDO DISABLE_AUTH NOARGS_SHELL=
 \
- AUDIT OPIE PAM PYTHON NLS SSSD DOCS EXAMPLES
+ AUDIT OPIE PAM PYTHON NLS SSSD DOCS EXAMPLES SSL
 OPTIONS_RADIO=3D KERBEROS
 OPTIONS_DEFAULT=3D AUDIT PAM
 OPTIONS_SUB=3D yes
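Review bot: SSL is appended to OPTIONS_DEFINE, but the OPTIONS_DEFAULT line two lines below stays at AUDIT PAM, so default builds of the port still come without OpenSSL and the sudo to sudo_logsrvd connection cannot be encrypted unless the user rebuilds with the option. The report itself argues for enabling it by default; if the maintainer agrees, add SSL to OPTIONS_DEFAULT in this same hunk so the change lands in one commit.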
@@ -42,6 +42,7 @@
 OPIE_DESC=3D Enable one-time passwords (no PAM support)
 PYTHON_DESC=3D Enable python plugin support
 SSSD_DESC=3D Enable SSSD backend support.
+SSL_DESC=3D Allow encryption between sudo and sudo_logsrvd

 PAM_PREVENTS=3D OPIE GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
 PAM_PREVENTS_MSG=3D PAM cannot be combined with any other authentication p=
lugin
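Review bot: SSL_DESC reads "Allow encryption ..." while the neighbouring OPIE_DESC, PYTHON_DESC and SSSD_DESC lines all start with "Enable", and the text does not say that the option is what brings in OpenSSL. A wording such as "Enable TLS between sudo and sudo_logsrvd (OpenSSL)" would match the surrounding style and tell the user in the options dialog which dependency they are opting into.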
@@ -93,6 +94,9 @@
 .if defined(SUDO_KERB5_INSTANCE)
 CONFIGURE_ARGS+=3D --enable-kerb5-instance=3D"${SUDO_KERB5_INSTANCE}"
 .endif
+
+SSL_USES=3D ssl
+SSL_CONFIGURE_ON=3D --enable-openssl

 .include <bsd.port.options.mk>

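Review bot: SSL_CONFIGURE_ON only passes --enable-openssl when the option is selected and passes nothing when it is off, so the off case depends on whatever configure decides on its own. Using the SSL_CONFIGURE_ENABLE helper with the value openssl instead would also emit --disable-openssl when the option is off, which keeps the build result tied to the option setting. It would also help to add a short comment above SSL_USES noting that this option controls log server transport encryption, since the block sits right after the unrelated SUDO_KERB5_INSTANCE conditional.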