pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/net bind*: Remove privileges from SMF method script.
details: https://anonhg.NetBSD.org/pkgsrc/rev/dda02bdd32ee
branches: trunk
changeset: 397520:dda02bdd32ee
user: jperkin <jperkin%pkgsrc.org@localhost>
date: Fri Jun 28 17:01:30 2019 +0000
description:
bind*: Remove privileges from SMF method script.
This inadvertently opened up the named process to more privileges than
necessary and could be considered a security risk. This may affect chroot
support, adding back in support for that will need to be done carefully.
Bump PKGREVISIONs.
diffstat:
net/bind911/Makefile | 3 ++-
net/bind911/files/smf/named.sh | 2 +-
net/bind912/Makefile | 3 ++-
net/bind912/files/smf/named.sh | 2 +-
net/bind914/Makefile | 3 ++-
net/bind914/files/smf/named.sh | 2 +-
6 files changed, 9 insertions(+), 6 deletions(-)
diffs (75 lines):
diff -r 45bae6a9a9cf -r dda02bdd32ee net/bind911/Makefile
--- a/net/bind911/Makefile Fri Jun 28 16:41:06 2019 +0000
+++ b/net/bind911/Makefile Fri Jun 28 17:01:30 2019 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.10 2019/06/20 02:13:58 taca Exp $
+# $NetBSD: Makefile,v 1.11 2019/06/28 17:01:30 jperkin Exp $
DISTNAME= bind-${BIND_VERSION}
PKGNAME= ${DISTNAME:S/-P/pl/}
+PKGREVISION= 1
CATEGORIES= net
MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/
diff -r 45bae6a9a9cf -r dda02bdd32ee net/bind911/files/smf/named.sh
--- a/net/bind911/files/smf/named.sh Fri Jun 28 16:41:06 2019 +0000
+++ b/net/bind911/files/smf/named.sh Fri Jun 28 17:01:30 2019 +0000
@@ -239,7 +239,7 @@
if [ ${result} = ${SMF_EXIT_OK} ]; then
echo "$I: Executing: ${server} ${cmdopts}"
# Execute named(1M) with relevant command line options.
- ppriv -s A-all -s A+basic,net_privaddr,file_dac_read,file_dac_search,sys_resource,proc_chroot,proc_setid -e ${server} ${cmdopts}
+ ${server} ${cmdopts}
result=$?
fi
;;
diff -r 45bae6a9a9cf -r dda02bdd32ee net/bind912/Makefile
--- a/net/bind912/Makefile Fri Jun 28 16:41:06 2019 +0000
+++ b/net/bind912/Makefile Fri Jun 28 17:01:30 2019 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.12 2019/06/20 02:15:20 taca Exp $
+# $NetBSD: Makefile,v 1.13 2019/06/28 17:01:30 jperkin Exp $
DISTNAME= bind-${BIND_VERSION}
PKGNAME= ${DISTNAME:S/-P/pl/}
+PKGREVISION= 1
CATEGORIES= net
MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/
diff -r 45bae6a9a9cf -r dda02bdd32ee net/bind912/files/smf/named.sh
--- a/net/bind912/files/smf/named.sh Fri Jun 28 16:41:06 2019 +0000
+++ b/net/bind912/files/smf/named.sh Fri Jun 28 17:01:30 2019 +0000
@@ -239,7 +239,7 @@
if [ ${result} = ${SMF_EXIT_OK} ]; then
echo "$I: Executing: ${server} ${cmdopts}"
# Execute named(1M) with relevant command line options.
- ppriv -s A-all -s A+basic,net_privaddr,file_dac_read,file_dac_search,sys_resource,proc_chroot,proc_setid -e ${server} ${cmdopts}
+ ${server} ${cmdopts}
result=$?
fi
;;
diff -r 45bae6a9a9cf -r dda02bdd32ee net/bind914/Makefile
--- a/net/bind914/Makefile Fri Jun 28 16:41:06 2019 +0000
+++ b/net/bind914/Makefile Fri Jun 28 17:01:30 2019 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.6 2019/06/20 02:16:53 taca Exp $
+# $NetBSD: Makefile,v 1.7 2019/06/28 17:01:30 jperkin Exp $
DISTNAME= bind-${BIND_VERSION}
PKGNAME= ${DISTNAME:S/-P/pl/}
+PKGREVISION= 1
CATEGORIES= net
MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/
diff -r 45bae6a9a9cf -r dda02bdd32ee net/bind914/files/smf/named.sh
--- a/net/bind914/files/smf/named.sh Fri Jun 28 16:41:06 2019 +0000
+++ b/net/bind914/files/smf/named.sh Fri Jun 28 17:01:30 2019 +0000
@@ -239,7 +239,7 @@
if [ ${result} = ${SMF_EXIT_OK} ]; then
echo "$I: Executing: ${server} ${cmdopts}"
# Execute named(1M) with relevant command line options.
- ppriv -s A-all -s A+basic,net_privaddr,file_dac_read,file_dac_search,sys_resource,proc_chroot,proc_setid -e ${server} ${cmdopts}
+ ${server} ${cmdopts}
result=$?
fi
;;
Home |
Main Index |
Thread Index |
Old Index