Message-Id: <201012130352.oBD3qWqG099665@red.freebsd.org>
Date: Mon, 13 Dec 2010 03:52:32 GMT
From: Rob Farmer
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/153115: [maintainer] [patch] shells/scponly Note security concern, cleanups

>Number: 153115
>Category: ports
>Synopsis: [maintainer] [patch] shells/scponly Note security concern, cleanups
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Mon Dec 13 04:00:19 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Rob Farmer
>Release: 9.0-CURRENT
>Organization:
>Environment:
FreeBSD topaz.predatorlabs.net 9.0-CURRENT FreeBSD 9.0-CURRENT #0 r216392: Sun Dec 12 03:46:58 PST 2010 rfarmer@topaz.predatorlabs.net:/usr/obj/usr/src/sys/TOPAZ amd64
>Description:
Most important:
-Patch SECURITY doc to include note about bypassing rsync argument checking with popt (from upstream) and tell people to read it

And some minor cleanup:
-Drop long comment describing knobs - it just duplicates OPTIONS
-For SCPONLY_DEFAULT_CHDIR, print a note about setting it. I'm not sure if post-patch is the best place for this, though?
-Drop dead site and just use Sourceforge
-Use the PORTDOCS variable
-Install some useful docs and drop useless one (TODO)
-Drop pre-everything message about defaults changing; that was 5 years ago
-LOCALBASE vs. PREFIX correction
-Add post-install messages to the plist so package users see them too
>How-To-Repeat:
>Fix:
Patch attached with submission follows:

Index: Makefile =================================================================== RCS file: /home/ncvs/ports/shells/scponly/Makefile,v retrieving revision 1.35 diff -u -r1.35 Makefile --- Makefile 7 Dec 2010 21:46:51 -0000 1.35 +++ Makefile 12 Dec 2010 16:51:17 -0000 
@@ -5,76 +5,11 @@ # $FreeBSD: ports/shells/scponly/Makefile,v 1.35 2010/12/07 21:46:51 ohauer Exp $ # -# There are many knobs to tune scponly towards your specific wishes -# and preferences. -# You can activate a knob by typing something like -# "make -DKNOB" or "make KNOB=yes" instead of just "make" -# -# A description of the several possibilities is available here: -# -# -# Core funcionality: -# -# SCPONLY_DEFAULT_CHDIR=DIR -# default: undefined -# example: public_html -# define if you want to make users `cd' to this directory after authentication -# -# WITHOUT_SCPONLY_WILDCARDS -# default: undefined -# define if you want to disable wildcard processing. -# -# WITHOUT_SCPONLY_GFTP -# default: undefined -# define if you want to disable gftp compatibility. -# -# WITH_SCPONLY_CHROOT -# default: undefined -# define if you want to use chroot functionality (set UID to root). -# -# WITH_SCPONLY_RSYNC -# default: undefined -# define if you want to enable rsync compatibility. -# -# WITH_SCPONLY_SCP -# default: undefined -# define if you want to enable vanilla scp compatibility. -# -# WITH_SCPONLY_SFTP_LOGGING -# default: undefined -# define if you want to enable sftp logging compatibility. -# -# WITH_SCPONLY_SVN -# default: undefined -# define if you want to enable subversion compatibility. -# -# WITH_SCPONLY_SVNSERVE -# default: undefined -# define if you want to enable subversion compatibility with svn+ssh:// -# -# WITH_SCPONLY_UNISON -# default: undefined -# define if you want to enable unison compatibility. -# -# WITH_SCPONLY_WINSCP -# default: undefined -# define if you want to enable WinSCP compatibility. -# -# -# Additional knobs: -# -# NOPORTDOCS -# default: undefined -# This knob prevents the ports system from installing additional -# documentation. If you define this, only the manpage is going -# to be installed. 
- PORTNAME= scponly PORTVERSION= 4.8 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= shells security -MASTER_SITES= http://www.sublimation.org/scponly/ \ - SF/${PORTNAME}/${PORTNAME}/${PORTNAME}-${PORTVERSION} +MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/${PORTNAME}-${PORTVERSION} EXTRACT_SUFX= .tgz MAINTAINER= rfarmer@predatorlabs.net @@ -82,6 +17,8 @@ MAN8= scponly.8 +PORTDOCS= BUILDING-JAILS.TXT INSTALL README SECURITY + GNU_CONFIGURE= yes OPTIONS= SCPONLY_WILDCARDS "wildcards processing" on \ @@ -153,14 +90,10 @@ CONFIGURE_ARGS+=--enable-winscp-compat .endif -pre-everything:: - @${ECHO_MSG} "From scponly 4.2, scp & WinSCP compatibilities are not" - @${ECHO_MSG} "enabled by default. To enable those compatibilities," - @${ECHO_MSG} "define WITH_SCPONLY_SCP and/or WITH_SCPONLY_WINSCP," - @${ECHO_MSG} "respectively." - @${ECHO_MSG} "" - @${ECHO_MSG} "You can enable chroot functionality by defining WITH_SCPONLY_CHROOT." - @${ECHO_MSG} "" +post-patch: + @${ECHO_MSG} "In addition to knobs available from the OPTIONS dialog," + @${ECHO_MSG} "you may set SCPONLY_DEFAULT_CHDIR to make users 'cd' to" + @${ECHO_MSG} "this directory after authentication." post-install: @${ECHO_MSG} "Updating /etc/shells" 
@@ -180,14 +113,19 @@ @${ECHO_MSG} "To setup chroot cage, run the following commands:" @${ECHO_MSG} " 1) cd ${EXAMPLESDIR}/ && ${SH} setup_chroot.sh" @${ECHO_MSG} " 2) Set scponlyc_enable=\"YES\" in /etc/rc.conf" - @${ECHO_MSG} " 3) Run ${LOCALBASE}/etc/rc.d/scponly start" + @${ECHO_MSG} " 3) Run ${PREFIX}/etc/rc.d/scponly start" @${ECHO_MSG} "" .endif .if !defined(NOPORTDOCS) @${MKDIR} ${DOCSDIR} -.for i in README INSTALL TODO +.for i in ${PORTDOCS} @${INSTALL_DATA} ${WRKSRC}/$i ${DOCSDIR} .endfor + @${ECHO_MSG} "" + @${ECHO_MSG} "For information on several potential security concerns," + @${ECHO_MSG} "please read:" + @${ECHO_MSG} "${DOCSDIR}/SECURITY" + @${ECHO_MSG} "" .endif .include Index: pkg-plist =================================================================== RCS file: /home/ncvs/ports/shells/scponly/pkg-plist,v retrieving revision 1.5 diff -u -r1.5 pkg-plist --- pkg-plist 20 Mar 2004 09:54:29 -0000 1.5 +++ pkg-plist 12 Dec 2010 16:42:50 -0000 
@@ -1,15 +1,20 @@ bin/scponly @exec echo "Updating /etc/shells"; cp /etc/shells /etc/shells.bak; (grep -v %D/%F /etc/shells.bak; echo %D/%F) >/etc/shells; rm -f /etc/shells.bak @unexec echo "Updating /etc/shells"; cp /etc/shells /etc/shells.bak; (grep -v %D/%F /etc/shells.bak) >/etc/shells; rm -f /etc/shells.bak +%%SCPONLY_CHROOT%%@exec echo "" +%%SCPONLY_CHROOT%%@exec echo "To setup chroot cage, run the following commands:" +%%SCPONLY_CHROOT%%@exec echo " 1) cd %%PREFIX%%/%%EXAMPLESDIR%%/ && /bin/sh setup_chroot.sh" +%%SCPONLY_CHROOT%%@exec echo " 2) Set scponlyc_enable=\"YES\" in /etc/rc.conf" +%%SCPONLY_CHROOT%%@exec echo " 3) Run %%PREFIX%%/etc/rc.d/scponly start" +%%PORTDOCS%%@exec echo "" +%%PORTDOCS%%@exec echo "For information on several potential security concerns," +%%PORTDOCS%%@exec echo "please read:" +%%PORTDOCS%%@exec echo "%%PREFIX%%/%%DOCSDIR%%/SECURITY" %%SCPONLY_CHROOT%%sbin/scponlyc %%SCPONLY_CHROOT%%@exec cp /etc/shells /etc/shells.bak; (grep -v %D/%F /etc/shells.bak; echo %D/%F) >/etc/shells; rm -f /etc/shells.bak %%SCPONLY_CHROOT%%@unexec cp /etc/shells /etc/shells.bak; (grep -v %D/%F /etc/shells.bak) >/etc/shells; rm -f /etc/shells.bak %%SCPONLY_CHROOT%%%%EXAMPLESDIR%%/setup_chroot.sh %%SCPONLY_CHROOT%%%%EXAMPLESDIR%%/config.h etc/scponly/debuglevel -%%PORTDOCS%%%%DOCSDIR%%/README -%%PORTDOCS%%%%DOCSDIR%%/INSTALL -%%PORTDOCS%%%%DOCSDIR%%/TODO @dirrm etc/scponly -%%PORTDOCS%%@dirrm %%DOCSDIR%% %%SCPONLY_CHROOT%%@dirrm %%EXAMPLESDIR%% Index: files/patch-SECURITY =================================================================== RCS file: files/patch-SECURITY diff -N files/patch-SECURITY --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/patch-SECURITY 12 Dec 2010 16:26:47 -0000 
@@ -0,0 +1,32 @@ +--- SECURITY.orig 2010-12-10 15:03:24.950162769 -0800 ++++ SECURITY 2010-12-10 15:03:31.669374009 -0800 +@@ -28,6 +28,10 @@ + + svn, svnserve, rsync, and unison + ++ Note specifically that rsync uses popt for parsing command line arguments ++ and popt explicitly checks /etc/popt and $HOME/.popt for aliases. Thus, ++ users can likely bypass argument checking for rsync. ++ + 4) Make sure that all files required for the chroot have the IMMUTABLE and + UNDELETABLE bits set. Other bits might also be prudent. See: man 1 chattr. + +@@ -39,13 +43,16 @@ + ~/.ssh, ~/.unison, ~/.subversion + + NOTE: depending on file permissions in the above, ssh, unison, and +- subversion may not work correctly. ++ subversion may not work correctly. Also note that the location of the ++ above directories is sometimes system dependent, so please check the ++ documentation specific to your system. + + 7) Make sure that every directory the users have write permissions to are + on a filesystem that is mounted NODEV, NOEXEC. Eg. Make sure that they + cannot execute files that they have permissions to upload. They should + also not need permissions to create any devices. If the user can't execute +- any files that he has access to upload, then you need not worry about the ++ any files that he has access to upload and the executable files on the ++ system are not considered harmful, then you need not worry about the + security problems referencing svn/svnserve above! + + 8) Monitor your logs! If you start to see something funny, odd, or strange in >Release-Note: >Audit-Trail: >Unformatted:
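
Review bot: In the Makefile hunk at @@ -153,14 +90,10 @@, the SCPONLY_DEFAULT_CHDIR hint is printed from `post-patch:`, which runs only after fetch, extract and patch have finished, so a builder who wants the knob has to stop and restart the build with it set. The `pre-everything::` target this hunk deletes prints before any work starts and looks like the better home for the hint. The removed header comment also carried `example: public_html`, which the new message drops; one example value in the message would keep that information.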
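
Review bot: In the Makefile post-install hunk (@@ -180,14 +113,19 @@), the pointer to `${DOCSDIR}/SECURITY` sits inside `.if !defined(NOPORTDOCS)`, so a build with NOPORTDOCS set installs no SECURITY file and prints no mention of the rsync/popt concern that the description calls the most important change. Consider a short warning outside that conditional, at least when rsync compatibility is enabled, and keep the file pointer inside it.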
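
Review bot: In pkg-plist (@@ -1,15 +1,20 @@), the new `@exec echo` lines are placed right after the bin/scponly entries and ahead of `%%SCPONLY_CHROOT%%sbin/scponlyc` and `%%SCPONLY_CHROOT%%%%EXAMPLESDIR%%/setup_chroot.sh`, so the chroot instructions and the SECURITY pointer are emitted partway through the list and refer to files that come later in it. Moving them to the end of the plist would make them the last thing a package user sees. The same wording now lives in both the Makefile post-install target and pkg-plist and can drift apart; a single pkg-message file is worth considering so port and package users read one copy.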
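
Review bot: In files/patch-SECURITY, the added paragraph says users can likely bypass rsync argument checking through /etc/popt and $HOME/.popt, but it stops at the warning and gives the administrator nothing to act on. The per-user path list in the second hunk's context (`~/.ssh, ~/.unison, ~/.subversion`) is left without ~/.popt. Suggest adding $HOME/.popt to that list, or saying outright that rsync compatibility should stay off for accounts that can write to their own home directory, so the note pairs the risk with a mitigation.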