From owner-freebsd-ports-bugs@FreeBSD.ORG Sat Jul 22 12:00:36 2006 Return-Path: X-Original-To: freebsd-ports-bugs@hub.freebsd.org Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B5FDD16A4E7 for ; Sat, 22 Jul 2006 12:00:36 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9F07843D55 for ; Sat, 22 Jul 2006 12:00:35 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k6MC0ZL9056554 for ; Sat, 22 Jul 2006 12:00:35 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k6MC0ZWS056553; Sat, 22 Jul 2006 12:00:35 GMT (envelope-from gnats) Resent-Date: Sat, 22 Jul 2006 12:00:35 GMT Resent-Message-Id: <200607221200.k6MC0ZWS056553@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, "Babak Farrokhi" Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EC13E16A4F3 for ; Sat, 22 Jul 2006 11:56:57 +0000 (UTC) (envelope-from babak@farrokhi.net) Received: from Plesk.datak.net (plesk.datak-telecom.net [81.91.129.96]) by mx1.FreeBSD.org (Postfix) with ESMTP id AF18843D5C for ; Sat, 22 Jul 2006 11:56:56 +0000 (GMT) (envelope-from babak@farrokhi.net) Received: (qmail 2568 invoked from network); 22 Jul 2006 16:26:54 +0430 Received: from unknown (HELO starfish.datak.net) (81.91.130.217) by 81.91.129.125 with (DHE-RSA-AES256-SHA encrypted) SMTP; 22 Jul 2006 16:26:54 +0430 Message-Id: <1153569414.20423@starfish.datak.net> Date: Sat, 22 Jul 2006 15:26:54 +0330 From: "Babak Farrokhi" To: "FreeBSD gnats submit" X-Send-Pr-Version: gtk-send-pr 0.4.7 Cc: Subject: ports/100715: [Maintainer Update] port security/super - add MASTER_SITES X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 22 Jul 2006 12:00:36 -0000 >Number: 100715 >Category: ports >Synopsis: [Maintainer Update] port security/super - add MASTER_SITES >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Sat Jul 22 12:00:34 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Babak Farrokhi >Release: FreeBSD 6.1-STABLE i386 >Organization: >Environment: System: FreeBSD 6.1-STABLE #2: Tue Jul 11 14:37:46 IRST 2006 root@starfish.datak.net:/usr/obj/usr/src/sys/SMP >Description: - add MASTER_SITES - update pkg-descr to make portlint happy - add WWW and AUTHOR >How-To-Repeat: >Fix: --- super.patch begins here --- diff -ruN super.orig/Makefile super/Makefile --- super.orig/Makefile Sat Jul 22 15:16:52 2006 +++ super/Makefile Sat Jul 22 15:21:35 2006 @@ -9,7 +9,8 @@ PORTNAME= super PORTVERSION= 3.26.1 CATEGORIES= security sysutils -MASTER_SITES= ftp://ftp.ucolick.org/pub/users/will/ +MASTER_SITES= ftp://ftp.ucolick.org/pub/users/will/ \ + http://www.ucolick.org/~will/RUE/super/ EXTRACT_SUFX= -tar.gz MAINTAINER= babak@farrokhi.net diff -ruN super.orig/pkg-descr super/pkg-descr --- super.orig/pkg-descr Sat Jul 22 15:16:52 2006 +++ super/pkg-descr Sat Jul 22 15:23:46 2006 @@ -1,4 +1,4 @@ -Super is a setuid-root program that offers +Super is a setuid-root program that offers: o restricted setuid-root access to executables, adjustable on a per-program and per-user basis; @@ -7,30 +7,8 @@ scripts can be run as root (or some other uid/gid), without unduly compromising security. -Sample uses: - - to call a script that allows users to use mount(8) on - cdrom's or floppy disks, but not other devices. +The design philosophy behind super is two-fold: - - to restrict which users, on which hosts, may execute a - setuid-root program. - - - to allow groups of trusted users (e.g. an "operator" group) complete - root access to sets of selected commands such as, say, line-printer - control commands, without giving away access to other commands, - and with full logging of all commands used. - - -Super and sudo --------------- -Sudo -- - Sudo allows a permitted user to execute a command as the superuser. - Its central design philosophy is that each user can be - trusted when executing certain commands. This is implemented - by allowing each user to execute the restricted commands for - which s/he is trusted, without giving access to other restricted commands. - -Super -- - The design philosophy behind super is two-fold: (a) some users can be trusted when executing certain commands; (b) there are some commands, such as a script to mount CDROM's, which you'd like to be safely executable even by users who @@ -39,14 +17,5 @@ can be hard to break, and super provides that wrapper so that even a non-trusted user can use the scripts. -In the author's view, the main differences to the administrator are: - - (1) the files that specify valid user/command combinations have - a different look and feel. - - (2) super provides a safe wrapper for scripts, so that a - well-written script can be run safely by ordinary - users without having to actually trust them. - - --- David (obrien@FreeBSD.org) +WWW: http://www.ucolick.org/~will/#super +AUTHOR: Will Deich --- super.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted: