Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 30 May 2024 03:53:40 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 279391] www/xcaddy: With default xcaddy config, Caddy runs as root
Message-ID:  <bug-279391-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D279391

            Bug ID: 279391
           Summary: www/xcaddy: With default xcaddy config, Caddy runs as
                    root
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: olgeni@FreeBSD.org
          Reporter: bob@vesterman.com
          Assignee: olgeni@FreeBSD.org
             Flags: maintainer-feedback?(olgeni@FreeBSD.org)

I guess this is not a *bug*, strictly speaking, but unless I'm missing
something, it seems pretty concerning:

www/xcaddy suggests (in pkg-message or pkg-description or some such place)
using an rc script for Caddy which can be found in /usr/ports/www/xcaddy/fi=
les.
This rc script, by default, will cause Caddy to run as root.

This surprised me very much. Poking around on the web, I found this page on=
 the
FreeBSD wiki explaining the situation and how to deal with it:

https://wiki.freebsd.org/ThomasHurst/Caddy

The steps involved are clear and simple, but they are NOT obvious. Nor is t=
he
location of this information (random page on a wiki) obvious. As far as I c=
an
see, there's nothing in xcaddy's pkg-message/whatever mentioning the issue,=
 how
to resolve it, or where to look for the detailed information about how to
resolve it. Instead, it just... runs as root by default and doesn't mention
it's going to do that.

While typing up this bug report, I noticed that similar ones were submitted=
 for
www/caddy itself (as opposed to www/xcaddy), and it has been marked as "fix=
ed".
Here's what seems to be the main one:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D273181

I think the same sort of fix should be carried over to www/xcaddy.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-279391-7788>