Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 06 Mar 2011 21:14:04 +0530
From:      ashish@FreeBSD.org (Ashish SHUKLA)
To:        Lawrence Stewart <lstewart@FreeBSD.org>
Cc:        Ashish SHUKLA <ashish@FreeBSD.org>, freebsd-ports@FreeBSD.org
Subject:   Re: Adding a PAM config option to net-im/ejabberd
Message-ID:  <86sjv05k57.fsf@chateau.d.if>
In-Reply-To: <4D7305C5.5040709@freebsd.org> (Lawrence Stewart's message of "Sun, 06 Mar 2011 14:55:49 %2B1100")
References:  <4D44FD91.7070607@freebsd.org> <86r5buec8e.fsf@chateau.d.if> <4D45F219.6070207@freebsd.org> <86ipx5esde.fsf@chateau.d.if> <4D7305C5.5040709@freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Lawrence Stewart writes:
> On 01/31/11 13:09, Ashish SHUKLA wrote:
>> Lawrence Stewart writes:
>>> On 01/31/11 00:45, Ashish SHUKLA wrote:
>>>> Hi Lawrence,
>>>>=20
>>>> Lawrence Stewart writes:
>>>>> Hi Ashish,
>>>>=20
>>>>> What do you think about applying the attached patch to the ejabberd
>>>>> port? It installs some parts required to allow ejabberd to auth again=
st
>>>>> PAM and is working great for me.
>>>>=20
>>>> Sure, I can apply it, once ports freeze is over. I also need to update
>>>> ejabberd. I'll do both together.
>>=20
>>> Sounds good, thanks. One question: in order to get PAM auth working, you
>>> have to set uid root on the epam bits and chown them appropriately in
>>> order to allow things to work. Should the port installation process do
>>> these steps as well or should we leave them to the user? I would be
>>> inclined to have the port do them so that upgrading the port doesn't
>>> break PAM auth after the upgrade. We would want to print a big warning
>>> at the end of the port install about the set uid security aspects thoug=
h.
>>=20
>> Thanks for the mention, I suggest adding mention of setuid bit in the
>> description of the OPTION. And ofcourse port is going to set the setuid =
bit
>> during installation.
>>=20
>> And `security-check' target in bsd.port.mk will catch the setuid bit set=
 on
>> the installed executable, and will inform the user as well. So, adding a
>> warning about setuid bit be redundant, IMHO.

> Updated patch attached. Feel like committing it for me?

Sure. I'm doing an update to 2.1.6 this week, and will include your diff.

Thanks
=2D-=20
Ashish SHUKLA      | GPG: F682 CDCC 39DC 0FEA E116  20B6 C746 CFA9 E74F A4B0
freebsd.org!ashish | http://people.freebsd.org/~ashish/

Avoid Success At All Costs !!

--=-=-=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (FreeBSD)

iQIcBAEBCgAGBQJNc6vFAAoJEMdGz6nnT6SwpXIP/Rd2Hkepmr1+XSbjMWl2ZtyT
sME2XmhyNMcAvgPWPtzvhkBhxOLVP/WeyZXHr4FjAIkirOA8yzeLW5AVcXiszl5E
AF0iWYgIg3ovloYZgP7qB9X5wMDxLTPpANksCTtS7RLADKWmSiuRBhFyCgjy+UWA
wLtOHnbO0Jyw/inxCin+WI5/hpL0P1JqlE/h0wra+zHzaAr+49tOu1UR1D1alxqe
/KnGis6WxcnnjFpsATo50m6Z2mj023rx83p65BVJqQ86QjiCD7bYsdU2U8RhohYL
3qcBRp0I1B9vp1Ba4memGxzDvQUF/fwYXwBPnz1CK1l+8bxkn1aC3TkELl/F6hzY
K1Eg0WdwlKf943lJh0gUOIGPIsJkRyak0l6KPQqcR3VK1sDb6USgLjH3rIM49sWR
fXce6Oah7168mzVP2Z1R7Xu+iIn6bi/DY4HUNNZ69J5srNGHzxmK4xv05yIH8/Wg
Erv6ZXRlVQiyBz6euRUPw/i39ZB8SDXZEfSOvqOnDpbgG6Rp+/b8/THgku0+UVeg
MqCsGjVau77wCDMqda9anBPEq9ndFeAIZ3aGm4xJB5Fee2vSHajTaEzq6/VIMZ6T
3nPaoJvvSNKr7csMz4/NKUypn+4XXvFA/aT3Y4A7KPCwCj9bDBNoHqG/g6BUaUBh
S7UWdeQg+CftW+4zKjeR
=rt4G
-----END PGP SIGNATURE-----
--=-=-=--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86sjv05k57.fsf>