pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/mail/rspamd mail/rspamd: Fix unprivileged execution in...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/05f0c78dfb81
branches:  trunk
changeset: 374947:05f0c78dfb81
user:      fhajny <fhajny%pkgsrc.org@localhost>
date:      Thu Feb 01 09:07:23 2018 +0000

description:
mail/rspamd: Fix unprivileged execution in rc.d and SMF.

diffstat:

 mail/rspamd/Makefile               |   7 ++-
 mail/rspamd/files/rspamd.sh        |   4 +-
 mail/rspamd/files/smf/manifest.xml |  66 ++++++++++++++-----------------------
 3 files changed, 32 insertions(+), 45 deletions(-)

diffs (117 lines):

diff -r 5eef24e6a184 -r 05f0c78dfb81 mail/rspamd/Makefile
--- a/mail/rspamd/Makefile      Thu Feb 01 04:11:17 2018 +0000
+++ b/mail/rspamd/Makefile      Thu Feb 01 09:07:23 2018 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.32 2017/11/30 16:45:30 adam Exp $
+# $NetBSD: Makefile,v 1.33 2018/02/01 09:07:23 fhajny Exp $
 
 DISTNAME=      rspamd-1.6.1
-PKGREVISION=   2
+PKGREVISION=   3
 CATEGORIES=    mail
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=vstakhov/}
 
@@ -42,6 +42,9 @@
 DBDIR=         ${VARBASE}/db/rspamd
 RUNDIR=                ${VARBASE}/run/rspamd
 
+FILES_SUBST+=  RSPAMD_USER=${RSPAMD_USER}
+FILES_SUBST+=  RSPAMD_GROUP=${RSPAMD_GROUP}
+
 RCD_SCRIPTS=   rspamd
 
 CMAKE_ARGS+=   -DMANDIR:PATH=${PREFIX}/${PKGMANDIR}
diff -r 5eef24e6a184 -r 05f0c78dfb81 mail/rspamd/files/rspamd.sh
--- a/mail/rspamd/files/rspamd.sh       Thu Feb 01 04:11:17 2018 +0000
+++ b/mail/rspamd/files/rspamd.sh       Thu Feb 01 09:07:23 2018 +0000
@@ -1,6 +1,6 @@
 #!@RCD_SCRIPTS_SHELL@
 #
-# $NetBSD: rspamd.sh,v 1.1 2017/03/20 14:15:16 wiz Exp $
+# $NetBSD: rspamd.sh,v 1.2 2018/02/01 09:07:23 fhajny Exp $
 #
 # PROVIDE: rspamd
 # REQUIRE: DAEMON
@@ -14,7 +14,7 @@
 rcvar=$name
 command="@PREFIX@/bin/rspamd"
 pidfile="@VARBASE@/run/rspamd/${name}.pid"
-command_args="-c @PKG_SYSCONFDIR@/rspamd.conf"
+command_args="-u @RSPAMD_USER@ -g @RSPAMD_GROUP@ -c @PKG_SYSCONFDIR@/rspamd.conf"
 required_files="@PKG_SYSCONFDIR@/rspamd.conf"
 start_precmd="rspamd_precmd"
 
diff -r 5eef24e6a184 -r 05f0c78dfb81 mail/rspamd/files/smf/manifest.xml
--- a/mail/rspamd/files/smf/manifest.xml        Thu Feb 01 04:11:17 2018 +0000
+++ b/mail/rspamd/files/smf/manifest.xml        Thu Feb 01 09:07:23 2018 +0000
@@ -1,45 +1,29 @@
 <?xml version="1.0"?>
 <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
 <service_bundle type="manifest" name="export">
-
-    <service name="@SMF_PREFIX@/@SMF_NAME@" type="service" version="1">
-
-        <create_default_instance enabled="false"/>
-        
-        <single_instance/>
-
-        <dependency name="network" grouping="require_all" restart_on="error" type="service">
-            <service_fmri value="svc:/milestone/network:default"/>
-        </dependency>
-
-        <dependency name="filesystem" grouping="require_all" restart_on="error" type="service">
-            <service_fmri value="svc:/system/filesystem/local"/>
-        </dependency>
-        
-        <method_context>
-        </method_context>
-
-        <exec_method type="method" name="start" exec="@PREFIX@/bin/rspamd -i -f -c %{config_file}" timeout_seconds="60"/>
-        <exec_method type="method" name="stop" exec=":kill" timeout_seconds="60"/>
-
-        <property_group name="startd" type="framework">
-            <propval name="duration" type="astring" value="child"/>
-            <propval name="ignore_error" type="astring" value="core,signal"/>
-        </property_group>
-
-        <property_group name="application" type="application">
-            <propval name="config_file" type="astring" value="@PKG_SYSCONFDIR@/rspamd.conf"/>
-        </property_group>
-        
-
-        <template>
-            <common_name>
-                <loctext xml:lang="C">
-                    Rspamd spam filtering system.
-                </loctext>
-            </common_name>
-        </template>
-
-    </service>
-
+  <service name="@SMF_PREFIX@/@SMF_NAME@" type="service" version="1">
+    <create_default_instance enabled="false" />
+    <single_instance />
+    <dependency name="network" grouping="require_all" restart_on="error" type="service">
+      <service_fmri value="svc:/milestone/network:default" />
+    </dependency>
+    <dependency name="filesystem" grouping="require_all" restart_on="error" type="service">
+      <service_fmri value="svc:/system/filesystem/local" />
+    </dependency>
+    <method_context></method_context>
+    <exec_method type="method" name="start" exec="@PREFIX@/bin/rspamd -u @RSPAMD_USER@ -g @RSPAMD_USER@ -c %{config_file}" timeout_seconds="60" />
+    <exec_method type="method" name="stop" exec=":kill" timeout_seconds="60" />
+    <property_group name="startd" type="framework">
+      <propval name="duration" type="astring" value="contract" />
+      <propval name="ignore_error" type="astring" value="core,signal" />
+    </property_group>
+    <property_group name="application" type="application">
+      <propval name="config_file" type="astring" value="@PKG_SYSCONFDIR@/rspamd.conf" />
+    </property_group>
+    <template>
+      <common_name>
+        <loctext xml:lang="C">Rspamd spam filtering system.</loctext>
+      </common_name>
+    </template>
+  </service>
 </service_bundle>
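Review bot: The new start `exec_method` line passes `-g @RSPAMD_USER@`, so the group argument is filled from the user substitution rather than the group one, while the rc.d script in this same commit uses `-g @RSPAMD_GROUP@`. Where the two names differ, the SMF-started daemon would presumably run with an unintended group or fail to start, so the arguments should read `-u @RSPAMD_USER@ -g @RSPAMD_GROUP@`. Separately, `<method_context>` is still empty, which suggests the method is launched with default credentials and relies on rspamd to drop privileges itself. Adding `<method_credential user="@RSPAMD_USER@" group="@RSPAMD_GROUP@"/>` inside it would let SMF enforce the unprivileged identity, provided rspamd needs no root-only setup before it drops privileges.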


