From owner-freebsd-ports@FreeBSD.ORG  Mon Jan 31 02:09:41 2011
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from chateau.d.if (localhost [IPv6:::1])
	by hub.freebsd.org (Postfix) with ESMTP id BE6C51065679;
	Mon, 31 Jan 2011 02:09:40 +0000 (UTC)
	(envelope-from ashish@freebsd.org)
Received: from chateau.d.if (chateau.d.if [IPv6:::1])
	by chateau.d.if (Postfix) with ESMTP id C57E545612;
	Mon, 31 Jan 2011 07:39:38 +0530 (IST)
From: ashish@freebsd.org (Ashish SHUKLA)
To: Lawrence Stewart <lstewart@freebsd.org>
Organization: Lost Case
References: <4D44FD91.7070607@freebsd.org> <86r5buec8e.fsf@chateau.d.if>
	<4D45F219.6070207@freebsd.org>
X-Face: )vGQ9yK7Y$Flebu1C>(B\gYBm)[$zfKM+p&TT[[JWl6:]S>cc$%-z7-`46Zf0B*syL.C]oCq[upTG~zuS0.$"_%)|Q@$hA=9{3l{%u^h3jJ^Zl;
	t7
X-Uptime: 7:24AM  up 13:30, 11 users, load averages: 0.12, 0.17, 0.11
X-URL: http://www.lostca.se/
X-Operating-System: FreeBSD/FreeBSD 8.1-RELEASE/amd64
X-OpenPGP-Fingerprint: F682 CDCC 39DC 0FEA E116  20B6 C746 CFA9 E74F A4B0
X-Attribution: =?utf-8?B?4KSG4KS24KWA4KS3?=
Organisation: Lost Case
Date: Mon, 31 Jan 2011 07:39:33 +0530
In-Reply-To: <4D45F219.6070207@freebsd.org> (Lawrence Stewart's message of
	"Mon, 31 Jan 2011 10:19:53 +1100")
Message-ID: <86ipx5esde.fsf@chateau.d.if>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (amd64-portbld-freebsd8.1)
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAJ1BMVEWpqal/f39tbW1jY2Md
	HR2goKCenp6UlJROTk7////9/f35+fnT09ORJdieAAACVklEQVQ4jXXUP2vbQBQA8AvUTkgz5OzY
	Z0iGWhpS6BSrkECn0mvx0MEJ6AjtYrfoBCVDlD8naJYmNlRfwZq8+mkKlIZaGpJSYmP7Q/XkJDrJ
	Td8i/H68u3vHPaPufwLdf32AMA4A6GcAgvAamY1pOJiDIFqicTwLswDhfr3uxfFtkAY/GFHPMwzD
	8zpnACmIOnE6js7rQb+v4NJrG9od0C+QgpHMy5jBewV+UDSMWiw1Y4fWfyV7+NGFzDsYa3pth9LJ
	Q4XvXxFHcJRvHOmygn5NAEabnDcQQguarnfoiwSCJ99jmKKcphsZONmWsDK9Ro7cvZOCtQdg8nje
	egLhc2LNlkLmsezzTFUUy5w18ocox/f0LaLgJy0zO75zk+9pp85GAj36xjqhdI0y3tq2m4dqqcWX
	zQWBTz8L1irvolXV4J+3q7eCDgVnttjNq6X8H+9KOZsuNk1uCzx8pSp+E9HImfJOTLdcGqo+YKnG
	EIovizkEn48V7BO+ch2DXcD4ENSpWiU+q8hjjbgTBZCXnZtyj0Ws4Q1Q0B2WXFtYZo65Bbyeeldw
	RS6qFueM80LlLA29YlVwGRYvFD+kwI/0O+A2PlpOP9GwslUVciHuYGechuBTp922YiDZCrghTknm
	XSyOM+D3aoRZlo0Jb42zY7DN4p2x4AeZ+QAYutx1sHwTHzMT5cMNduQ9yW3GczN4KZ86kb0c9O8T
	yXDeFqpl2fryPEAYGXIlezAPXYh2NgVr/gvdoHIuDwuPwOhcWE8f8mmICq41eATkn8x0kuRTIKcB
	wE9+/QUtiiAnYcaN7wAAAABJRU5ErkJggg==
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha512; protocol="application/pgp-signature"
Cc: Ashish SHUKLA <ashish@freebsd.org>, freebsd-ports@freebsd.org
Subject: Re: Adding a PAM config option to net-im/ejabberd
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Jan 2011 02:09:41 -0000

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Lawrence Stewart writes:
> On 01/31/11 00:45, Ashish SHUKLA wrote:
>> Hi Lawrence,
>>=20
>> Lawrence Stewart writes:
>>> Hi Ashish,
>>=20
>>> What do you think about applying the attached patch to the ejabberd
>>> port? It installs some parts required to allow ejabberd to auth against
>>> PAM and is working great for me.
>>=20
>> Sure, I can apply it, once ports freeze is over. I also need to update
>> ejabberd. I'll do both together.

> Sounds good, thanks. One question: in order to get PAM auth working, you
> have to set uid root on the epam bits and chown them appropriately in
> order to allow things to work. Should the port installation process do
> these steps as well or should we leave them to the user? I would be
> inclined to have the port do them so that upgrading the port doesn't
> break PAM auth after the upgrade. We would want to print a big warning
> at the end of the port install about the set uid security aspects though.

Thanks for the mention, I suggest adding mention of setuid bit in the
description of the OPTION. And ofcourse port is going to set the setuid bit
during installation.

And `security-check' target in bsd.port.mk will catch the setuid bit set on
the installed executable, and will inform the user as well. So, adding a
warning about setuid bit be redundant, IMHO.

Thanks
=2D-=20
Ashish SHUKLA

=E2=80=9CShe dump(8)-ed me without caring to restore(8).=E2=80=9D (abbe, 20=
05)

--=-=-=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (FreeBSD)

iQIcBAEBCgAGBQJNRhniAAoJEMdGz6nnT6Sw7usP/RgAO0tLwUm7K4Yp247PLuT7
/G/MQicPolh7w0QZc+tNrH59008u6iNlz4AiFORaN+8pfhU20PAq3odsftujAwzm
zXH1+S5nRmjRevQpk3mOzb7yf0AIJr6NTVnn3OSWQldzDVvaIKbRmmXSsp7Vvked
myVMEpdwl0bCZdEGuwz/J9CD+vt3Py7Z8WOAq9z3XOd0P9qoQ4F/Wv4ut+gOrPAA
OEToevVapWCwaxNKHLWjJPUV5q6j6kO1GQ6vBJw+vzo9RFlMsR9Wj+EUmHvIQm8o
/qlpxlDI29bbJGfPQT+7PvIQDkojg5hJkUgEERuHbVkTSPDUS93CVovxuSqMFAr0
W90JSmEptcJbqNX5Veg6l9tX9JTSC2TwjEMz6MB69DFW62WI371z5R+7XGrAckbB
YS2q0h3qHwbOdSG42Vd1LraDzwbebTb8trKIrYP7RPsqcuGQHXCkhLXlkUmXfr7C
fP4j21DVCgdqZuKdmoFRW3GiJnmEroWDgEkCtpRvTYX9kGatGtkV3vL8WB73cvzl
rNKjbhZT/Z5WSwWacpfxkGghcThnmGc2xwBnkmZtDyauSmB5tgsKC12w5CAzLyGH
fBncbDBTdqNM9/EoUAj0WGsVa99LgDt42SnBjMmqGum46LmhdqVkX02K49mQ10Om
+O6E7G1qJiWb6LQ9xK4N
=UTSY
-----END PGP SIGNATURE-----
--=-=-=--