pkgsrc-WIP-changes archive
charybdis: Implement privsep()
Module Name: pkgsrc-wip
Committed By: Kamil Rytarowski <n54%gmx.com@localhost>
Pushed By: kamil
Date: Tue Oct 31 00:59:36 2017 +0100
Changeset: e8ca8ea56b5f2a0277cd418930b6710bfb684936
Modified Files:
charybdis/Makefile
charybdis/distinfo
Added Files:
charybdis/patches/patch-ircd_ircd.c
Log Message:
charybdis: Implement privsep()
This daemon shouldn't run as root.
With privsep() we can handle changing the user and group to a custom
user in a regular fashion.
To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=e8ca8ea56b5f2a0277cd418930b6710bfb684936
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
diffstat:
charybdis/Makefile | 12 +++++++++
charybdis/distinfo | 1 +
charybdis/patches/patch-ircd_ircd.c | 51 +++++++++++++++++++++++++++++++++++++
3 files changed, 64 insertions(+)
diffs:
diff --git a/charybdis/Makefile b/charybdis/Makefile
index 0afa099a8c..afb9cd520d 100644
--- a/charybdis/Makefile
+++ b/charybdis/Makefile
@@ -16,6 +16,16 @@ GNU_CONFIGURE= yes
BUILD_DEFS+= VARBASE
+# Put this in mk/defaults/mk.conf
+CHARYBDIS_USER?= charybdis
+CHARYBDIS_GROUP?= charybdis
+
+PKG_USERS_VARS+= CHARYBDIS_USER
+PKG_GROUPS_VARS+= CHARYBDIS_GROUP
+
+PKG_USERS= ${CHARYBDIS_USER}:${CHARYBDIS_GROUP}
+PKG_GROUPS= ${CHARYBDIS_GROUP}
+
CHARYBDIS_PID_DIR= ${VARBASE}/run # default directory for PID files
FILES_SUBST+= CHARYBDIS_PID_DIR=${CHARYBDIS_PID_DIR}
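Review bot: `CHARYBDIS_PID_DIR` still points at `${VARBASE}/run`, but with this commit the daemon gives up root at the top of charybdis_main. Assuming the PID file is written after that check (not visible here), the charybdis user will presumably be unable to create it in a root-owned directory. Consider pointing `CHARYBDIS_PID_DIR` at a directory owned by the new account, for example one declared via `OWN_DIRS_PERMS`, and check the same for the log and database directories. The `# Put this in mk/defaults/mk.conf` comment would be easier to track as an explicit `# TODO:` line.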
@@ -25,6 +35,8 @@ EGDIR= ${PREFIX}/share/examples/charybdis
INSTALL_MAKE_FLAGS+= sysconfdir=${EGDIR}
+CFLAGS+= -DCHARYBDIS_USER='"${CHARYBDIS_USER}"'
+
pre-configure:
${RUN} cd ${WRKSRC} && ./autogen.sh
diff --git a/charybdis/distinfo b/charybdis/distinfo
index a5df10d98d..2d362c8ff5 100644
--- a/charybdis/distinfo
+++ b/charybdis/distinfo
@@ -4,4 +4,5 @@ SHA1 (charybdis-4.0.tar.gz) = 57957259f00e8c20ae22adee2d0648a8d017fe55
RMD160 (charybdis-4.0.tar.gz) = 8abca605db25eb5b8aea95588c6819eb3fd0e1fa
SHA512 (charybdis-4.0.tar.gz) = c65d1ee4a04a432694edaa2f58ec69a904de1f6195f6880a52d28c893c46d67bf2ed253f356dd8507b31d1850ce53b3eb18cf800638dc2389770cc5d2ae78924
Size (charybdis-4.0.tar.gz) = 2681395 bytes
+SHA1 (patch-ircd_ircd.c) = df97bc22a953086430bc752ecab601b55714683a
SHA1 (patch-librb_configure.ac) = 078ed443d188eb2be7c61293aa19ed23b92331b5
diff --git a/charybdis/patches/patch-ircd_ircd.c b/charybdis/patches/patch-ircd_ircd.c
new file mode 100644
index 0000000000..71f28c5795
--- /dev/null
+++ b/charybdis/patches/patch-ircd_ircd.c
@@ -0,0 +1,51 @@
+$NetBSD$
+
+--- ircd/ircd.c.orig 2017-10-20 22:29:47.000000000 +0000
++++ ircd/ircd.c
+@@ -66,6 +66,10 @@
+ #include "authproc.h"
+ #include "operhash.h"
+
++#include <sys/param.h>
++#include <unistd.h>
++#include <pwd.h>
++
+ static void
+ ircd_die_cb(const char *str) __attribute__((noreturn));
+
+@@ -617,6 +621,22 @@ seed_random(void *unused)
+ srand(seed);
+ }
+
++static int
++privdrop(void)
++{
++ struct passwd *pw;
++
++ if ((pw = getpwnam(CHARYBDIS_USER)) == NULL) {
++ fprintf(stderr, "unknown user %s", CHARYBDIS_USER);
++ return -1;
++ }
++
++ if (setgroups(1, &pw->pw_gid) || setegid(pw->pw_gid) || seteuid(pw->pw_gid))
++ return -1;
++
++ return 0;
++}
++
+ /*
+ * main
+ *
+@@ -635,8 +655,10 @@ charybdis_main(int argc, char * const ar
+ /* Check to see if the user is running us as root, which is a nono */
+ if(geteuid() == 0)
+ {
+- fprintf(stderr, "Don't run ircd as root!!!\n");
+- return -1;
++ if (privdrop() != 0) {
++ fprintf(stderr, "Don't run ircd as root!!!\n");
++ return -1;
++ }
+ }
+ #endif
+
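Review bot: In privdrop() the last call in the chain is `seteuid(pw->pw_gid)`, which sets the effective user ID to the account's group ID instead of `pw->pw_uid`. Because only setegid()/seteuid() are used, the real and saved IDs stay 0, so the drop is not permanent and root can be restored later in the process. Use the permanent calls in group-then-user order: `if (setgroups(1, &pw->pw_gid) || setgid(pw->pw_gid) || setuid(pw->pw_uid))`. In the charybdis_main hunk a privdrop() failure prints only "Don't run ircd as root!!!", which hides the cause, and the `unknown user %s` message lacks a trailing newline; reporting `strerror(errno)` when a set*id call fails would make the failure diagnosable. charybdis_main's body continues outside the hunk.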