Re: pkg/40532: privoxy ignores user:group and has wheel permissions and so everyone accessing privoxy admin page

[Matthias Drochner <M.Drochner%fz-juelich.de@localhost>]

Can you please describe at which point you think user/group are ignored,
at build time or at run time?
For me, everything looks as intended:
[from the pkg src dir]
$ more work.zelz27/privoxy-3.0.10-stable/config.status
[...]
# ./configure  --localstatedir=/var --sysconfdir=/usr/pkg/share/examples/privox
y
 --with-user=privoxy --with-group=privoxy --prefix=/usr/pkg 
--host=i386--netbsde
lf --mandir=/usr/pkg/man
[...]
$ id privoxy
uid=1004(privoxy) gid=1002(privoxy) groups=1002(privoxy)
$ ps ax -o uid,gid,command|grep privoxy
1004 1002 /usr/pkg/sbin/privoxy --pidfile /var/run/privoxy.pid --user privoxy /
$ ls -l /usr/pkg/etc/privoxy/config
-rw-rw----  1 privoxy  privoxy  42509 Jan 22 14:25 /usr/pkg/etc/privoxy/config

> PS: Please upgrade this software to latest 3.0.10 too

I've done this locally, but we should understand your problem first
to make sure there is no serious security flaw.

best regards
Matthias




-------------------------------------------------------------------
-------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich

Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzende des Aufsichtsrats: MinDir'in Baerbel Brumme-Bothe
Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender),
Dr. Ulrich Krafft (stellv. Vorsitzender), Prof. Dr. Harald Bolt,
Dr. Sebastian M. Schmidt
-------------------------------------------------------------------
-------------------------------------------------------------------