CVS commit: pkgsrc/net

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/net
From: "Jonathan Perkin" <jperkin%netbsd.org@localhost>
Date: Fri, 28 Jun 2019 17:01:31 +0000

Module Name:    pkgsrc
Committed By:   jperkin
Date:           Fri Jun 28 17:01:31 UTC 2019

Modified Files:
        pkgsrc/net/bind911: Makefile
        pkgsrc/net/bind911/files/smf: named.sh
        pkgsrc/net/bind912: Makefile
        pkgsrc/net/bind912/files/smf: named.sh
        pkgsrc/net/bind914: Makefile
        pkgsrc/net/bind914/files/smf: named.sh

Log Message:
bind*: Remove privileges from SMF method script.

This inadvertently opened up the named process to more privileges than
necessary and could be considered a security risk.  This may affect chroot
support, adding back in support for that will need to be done carefully.

Bump PKGREVISIONs.


To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 pkgsrc/net/bind911/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/bind911/files/smf/named.sh
cvs rdiff -u -r1.12 -r1.13 pkgsrc/net/bind912/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/bind912/files/smf/named.sh
cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/bind914/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/bind914/files/smf/named.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/bind911/Makefile
diff -u pkgsrc/net/bind911/Makefile:1.10 pkgsrc/net/bind911/Makefile:1.11
--- pkgsrc/net/bind911/Makefile:1.10    Thu Jun 20 02:13:58 2019
+++ pkgsrc/net/bind911/Makefile Fri Jun 28 17:01:30 2019
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.10 2019/06/20 02:13:58 taca Exp $
+# $NetBSD: Makefile,v 1.11 2019/06/28 17:01:30 jperkin Exp $
 
 DISTNAME=      bind-${BIND_VERSION}
 PKGNAME=       ${DISTNAME:S/-P/pl/}
+PKGREVISION=   1
 CATEGORIES=    net
 MASTER_SITES=  ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/
 

Index: pkgsrc/net/bind911/files/smf/named.sh
diff -u pkgsrc/net/bind911/files/smf/named.sh:1.3 pkgsrc/net/bind911/files/smf/named.sh:1.4
--- pkgsrc/net/bind911/files/smf/named.sh:1.3   Wed Jun 19 10:58:48 2019
+++ pkgsrc/net/bind911/files/smf/named.sh       Fri Jun 28 17:01:30 2019
@@ -239,7 +239,7 @@ case "$method" in
     if [ ${result} = ${SMF_EXIT_OK} ]; then
        echo "$I: Executing: ${server} ${cmdopts}"
        # Execute named(1M) with relevant command line options.
-       ppriv -s A-all -s A+basic,net_privaddr,file_dac_read,file_dac_search,sys_resource,proc_chroot,proc_setid -e ${server} ${cmdopts}
+       ${server} ${cmdopts}
        result=$?
     fi
     ;;

Index: pkgsrc/net/bind912/Makefile
diff -u pkgsrc/net/bind912/Makefile:1.12 pkgsrc/net/bind912/Makefile:1.13
--- pkgsrc/net/bind912/Makefile:1.12    Thu Jun 20 02:15:20 2019
+++ pkgsrc/net/bind912/Makefile Fri Jun 28 17:01:30 2019
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.12 2019/06/20 02:15:20 taca Exp $
+# $NetBSD: Makefile,v 1.13 2019/06/28 17:01:30 jperkin Exp $
 
 DISTNAME=      bind-${BIND_VERSION}
 PKGNAME=       ${DISTNAME:S/-P/pl/}
+PKGREVISION=   1
 CATEGORIES=    net
 MASTER_SITES=  ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/
 

Index: pkgsrc/net/bind912/files/smf/named.sh
diff -u pkgsrc/net/bind912/files/smf/named.sh:1.3 pkgsrc/net/bind912/files/smf/named.sh:1.4
--- pkgsrc/net/bind912/files/smf/named.sh:1.3   Wed Jun 19 10:58:49 2019
+++ pkgsrc/net/bind912/files/smf/named.sh       Fri Jun 28 17:01:30 2019
@@ -239,7 +239,7 @@ case "$method" in
     if [ ${result} = ${SMF_EXIT_OK} ]; then
        echo "$I: Executing: ${server} ${cmdopts}"
        # Execute named(1M) with relevant command line options.
-       ppriv -s A-all -s A+basic,net_privaddr,file_dac_read,file_dac_search,sys_resource,proc_chroot,proc_setid -e ${server} ${cmdopts}
+       ${server} ${cmdopts}
        result=$?
     fi
     ;;

Index: pkgsrc/net/bind914/Makefile
diff -u pkgsrc/net/bind914/Makefile:1.6 pkgsrc/net/bind914/Makefile:1.7
--- pkgsrc/net/bind914/Makefile:1.6     Thu Jun 20 02:16:53 2019
+++ pkgsrc/net/bind914/Makefile Fri Jun 28 17:01:30 2019
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.6 2019/06/20 02:16:53 taca Exp $
+# $NetBSD: Makefile,v 1.7 2019/06/28 17:01:30 jperkin Exp $
 
 DISTNAME=      bind-${BIND_VERSION}
 PKGNAME=       ${DISTNAME:S/-P/pl/}
+PKGREVISION=   1
 CATEGORIES=    net
 MASTER_SITES=  ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/
 

Index: pkgsrc/net/bind914/files/smf/named.sh
diff -u pkgsrc/net/bind914/files/smf/named.sh:1.2 pkgsrc/net/bind914/files/smf/named.sh:1.3
--- pkgsrc/net/bind914/files/smf/named.sh:1.2   Wed Jun 19 10:58:49 2019
+++ pkgsrc/net/bind914/files/smf/named.sh       Fri Jun 28 17:01:30 2019
@@ -239,7 +239,7 @@ case "$method" in
     if [ ${result} = ${SMF_EXIT_OK} ]; then
        echo "$I: Executing: ${server} ${cmdopts}"
        # Execute named(1M) with relevant command line options.
-       ppriv -s A-all -s A+basic,net_privaddr,file_dac_read,file_dac_search,sys_resource,proc_chroot,proc_setid -e ${server} ${cmdopts}
+       ${server} ${cmdopts}
        result=$?
     fi
     ;;

Prev by Date: CVS commit: pkgsrc/net/unifi
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/net/unifi
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index