Date: Sat, 28 Feb 2026 14:53:16 +0000 From: Ryan Steinmetz <zi@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 5129bd54c165 - main - net/fiche: Fix dropping privs Message-ID: <69a3015c.307b9.759412a2@gitrepo.freebsd.org>
The branch main has been updated by zi: URL: https://cgit.FreeBSD.org/ports/commit/?id=5129bd54c165944ae86f4f677e54eb181fc5d446 commit 5129bd54c165944ae86f4f677e54eb181fc5d446 Author: Ryan Steinmetz <zi@FreeBSD.org> AuthorDate: 2026-02-28 14:52:34 +0000 Commit: Ryan Steinmetz <zi@FreeBSD.org> CommitDate: 2026-02-28 14:52:34 +0000 net/fiche: Fix dropping privs PR: 293501 Reported by: Benjamin Takacs <nimaje+fbz@bureaucracy.de> --- net/fiche/Makefile | 8 ++++---- net/fiche/files/fiche.in | 8 +++++++- net/fiche/files/pkg-message.in | 9 +++++++++ 3 files changed, 20 insertions(+), 5 deletions(-) diff --git a/net/fiche/Makefile b/net/fiche/Makefile index c5d478378267..73c5d8cc5c3e 100644 --- a/net/fiche/Makefile +++ b/net/fiche/Makefile @@ -1,6 +1,6 @@ PORTNAME= fiche PORTVERSION= 0.9.1 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= net MAINTAINER= zi@FreeBSD.org @@ -9,9 +9,6 @@ WWW= https://github.com/solusipse/fiche LICENSE= MIT -USERS= ${PORTNAME} -GROUPS= ${PORTNAME} - USES= compiler:c++11-lang USE_GITHUB= yes GH_ACCOUNT= solusipse @@ -19,6 +16,9 @@ GH_ACCOUNT= solusipse USE_RC_SUBR= ${PORTNAME} SUB_FILES= pkg-message +USERS= ${PORTNAME} +GROUPS= ${PORTNAME} + do-install: @${MKDIR} ${STAGEDIR}${PREFIX}/sbin ${STAGEDIR}${WWWDIR} ${INSTALL_PROGRAM} ${WRKSRC}/${PORTNAME} ${STAGEDIR}${PREFIX}/sbin diff --git a/net/fiche/files/fiche.in b/net/fiche/files/fiche.in index d3037a407645..4a6a36914a5d 100644 --- a/net/fiche/files/fiche.in +++ b/net/fiche/files/fiche.in @@ -13,6 +13,8 @@ # fiche_options (str): Additional flags Default "" # fiche_output (str): Default "/usr/local/www/fiche" # fiche_logfile (str): Default "/var/log/fiche/fiche.log" +# fiche_user (str): Default "fiche" +# fiche_group (str): Default "fiche" . /etc/rc.subr 
@@ -27,6 +29,8 @@ load_rc_config $name : ${fiche_output="%%WWWDIR%%"} : ${fiche_domain="localhost"} : ${fiche_logfile="/var/log/${name}/${name}.log"} +: ${fiche_user="fiche"} +: ${fiche_group="fiche"} start_precmd="${name}_prestart" pidfile="${fiche_pidfile}" @@ -40,7 +44,9 @@ command_args="-fp ${pidfile} %%PREFIX%%/sbin/fiche \ ${fiche_options}" fiche_prestart() { - install -d -o 477 -g 477 -m 755 /var/log/${name} + touch ${fiche_pidfile} + chown ${fiche_user} ${fiche_pidfile} + install -d -o ${fiche_user} -g ${fiche_group} -m 755 /var/log/${name} } run_rc_command "$1" diff --git a/net/fiche/files/pkg-message.in b/net/fiche/files/pkg-message.in index 3276d0c519da..e606e1c10af4 100644 --- a/net/fiche/files/pkg-message.in +++ b/net/fiche/files/pkg-message.in @@ -16,4 +16,13 @@ ensure that fiche hands out URLs prefixed with https://: sysrc fiche_flags="-S" EOM } +{ type: upgrade + maximum_version: "0.9.1_4" + message: <<EOM +The service was updated to drop privileges to the user specified in $fiche_user +(defaults to fiche) as intended, instead of running as root. +You might need to change owner of the log file and $fiche_output, +so that fiche can write those. +EOM +} ]home | help
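Review bot: In `fiche_prestart`, the new `touch ${fiche_pidfile}` and `chown ${fiche_user} ${fiche_pidfile}` run as root and follow symlinks, so the result depends on who can write to the pidfile's directory. The default `fiche_pidfile` is set outside this hunk and rc.conf can override it; if that directory is ever writable by the service account, root could end up creating or re-owning a file that account chose. Letting the daemon create the pidfile inside a service-owned run directory avoids root touching the path at all, for example `install -d -o "${fiche_user}" -g "${fiche_group}" -m 755 "/var/run/${name}"` with the pidfile default moved under it. If the file must be pre-created, `chown -h "${fiche_user}:${fiche_group}" "${fiche_pidfile}"` at least keeps the ownership change off a symlink target. The expansions on all three added lines are unquoted, so an rc.conf value containing whitespace would be word-split; quoting them is a cheap hardening.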
