pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/security/priv
Module Name: pkgsrc
Committed By: kim
Date: Tue Feb 16 09:42:06 UTC 2021
Modified Files:
pkgsrc/security/priv: Makefile distinfo
pkgsrc/security/priv/patches: patch-priv.c
Added Files:
pkgsrc/security/priv/patches: patch-Makefile.in patch-configure.in
patch-priv.h
Removed Files:
pkgsrc/security/priv/patches: patch-aa patch-ab
Log Message:
Use setusercontext(3)
Using setusercontext(3) makes per-user tmp work. Fixes PR 55765.
To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 pkgsrc/security/priv/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/security/priv/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/security/priv/patches/patch-Makefile.in \
pkgsrc/security/priv/patches/patch-configure.in \
pkgsrc/security/priv/patches/patch-priv.h
cvs rdiff -u -r1.3 -r0 pkgsrc/security/priv/patches/patch-aa
cvs rdiff -u -r1.1 -r0 pkgsrc/security/priv/patches/patch-ab
cvs rdiff -u -r1.1 -r1.2 pkgsrc/security/priv/patches/patch-priv.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/priv/Makefile
diff -u pkgsrc/security/priv/Makefile:1.21 pkgsrc/security/priv/Makefile:1.22
--- pkgsrc/security/priv/Makefile:1.21 Fri Feb 5 13:18:48 2021
+++ pkgsrc/security/priv/Makefile Tue Feb 16 09:42:06 2021
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.21 2021/02/05 13:18:48 nia Exp $
+# $NetBSD: Makefile,v 1.22 2021/02/16 09:42:06 kim Exp $
#
DISTNAME= priv-1.0-beta2
PKGNAME= priv-1.0beta2
-PKGREVISION= 4
+PKGREVISION= 5
CATEGORIES= security
MASTER_SITES= ftp://ftp.thistledown.com.au/pub/simonb/
@@ -11,6 +11,7 @@ MAINTAINER= simonb%NetBSD.org@localhost
COMMENT= Execute commands as a different user
LICENSE= original-bsd
+USE_TOOLS= autoconf automake autoreconf
GNU_CONFIGURE= YES
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR:Q}
@@ -26,4 +27,7 @@ SPECIAL_PERMS+= bin/priv ${SETUID_ROOT_P
OWN_DIRS= ${PKG_SYSCONFDIR}/priv
+pre-configure:
+ cd "${WRKSRC}" && autoreconf -fi
+
.include "../../mk/bsd.pkg.mk"
Index: pkgsrc/security/priv/distinfo
diff -u pkgsrc/security/priv/distinfo:1.9 pkgsrc/security/priv/distinfo:1.10
--- pkgsrc/security/priv/distinfo:1.9 Fri Feb 5 13:18:48 2021
+++ pkgsrc/security/priv/distinfo Tue Feb 16 09:42:06 2021
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.9 2021/02/05 13:18:48 nia Exp $
+$NetBSD: distinfo,v 1.10 2021/02/16 09:42:06 kim Exp $
SHA1 (priv-1.0-beta2.tar.gz) = dee75baaf320c5dee112376cca0bb08a635f2806
RMD160 (priv-1.0-beta2.tar.gz) = 635e0e2cf64c0bdbbdc790a4833e650700473448
SHA512 (priv-1.0-beta2.tar.gz) = 0319471c4654c1806dd1516f1fc146b63fb4fe22d2e40238f1f6dc078adb201ae7dd82b07054ed01af861818a64529ed2451ceb60d477ee16ef4528fa2d6d359
Size (priv-1.0-beta2.tar.gz) = 34507 bytes
-SHA1 (patch-aa) = 2a1252d2593333ceb048baa269dbe1b2e9a5d1e4
-SHA1 (patch-ab) = e6f89b30954ac9dbe0243e755287f5f8a37011bd
-SHA1 (patch-priv.c) = 4baea1e9233e3e8d3ac450a6a51fefa622ebed06
+SHA1 (patch-Makefile.in) = 2a1252d2593333ceb048baa269dbe1b2e9a5d1e4
+SHA1 (patch-configure.in) = a1df31e1a3bb64a9a782132566be223eaab1e454
+SHA1 (patch-priv.c) = efcab7c1890bb8be930e4dafb47c31df148d6a6a
+SHA1 (patch-priv.h) = 460670e323e9c14eb55674b2593046900f4455b3
Index: pkgsrc/security/priv/patches/patch-priv.c
diff -u pkgsrc/security/priv/patches/patch-priv.c:1.1 pkgsrc/security/priv/patches/patch-priv.c:1.2
--- pkgsrc/security/priv/patches/patch-priv.c:1.1 Fri Feb 5 13:27:42 2021
+++ pkgsrc/security/priv/patches/patch-priv.c Tue Feb 16 09:42:06 2021
@@ -1,10 +1,38 @@
-$NetBSD: patch-priv.c,v 1.1 2021/02/05 13:27:42 nia Exp $
+$NetBSD: patch-priv.c,v 1.2 2021/02/16 09:42:06 kim Exp $
+
+Use setusercontext(3), which is needed for per-user tmp to work.
Do not directly pass user input to a printf function.
--- priv.c.orig 2004-02-09 04:37:07.000000000 +0000
+++ priv.c
-@@ -370,8 +370,8 @@ main(int argc, char **argv, char **envp)
+@@ -318,6 +318,17 @@ main(int argc, char **argv, char **envp)
+ }
+
+ /* Set up the permissions */
++#ifdef HAVE_LOGIN_CAP_H
++ if (setusercontext(NULL, pw, pw->pw_uid, LOGIN_SETGROUP |
++ LOGIN_SETPRIORITY | LOGIN_SETRESOURCES | LOGIN_SETUMASK |
++ LOGIN_SETUSER) != 0) {
++ sverr = errno;
++ syslog(LOG_NOTICE, "%s: not ok: setusercontext failed: %m",
++ myfullname);
++ errno = sverr;
++ err(EXIT_VAL, "setusercontext failed");
++ }
++#else
+ if (setgid(pw->pw_gid) < 0) {
+ sverr = errno;
+ syslog(LOG_NOTICE, "%s: not ok: setgid failed: %m", myfullname);
+@@ -337,6 +348,7 @@ main(int argc, char **argv, char **envp)
+ errno = sverr;
+ err(EXIT_VAL, "setuid failed");
+ }
++#endif
+
+ /* Check for sym-link */
+ if (!(nflags & F_SYMLINK)) {
+@@ -370,8 +382,8 @@ main(int argc, char **argv, char **envp)
}
/* All's well so far, get ready to execute the command. */
Added files:
Index: pkgsrc/security/priv/patches/patch-Makefile.in
diff -u /dev/null pkgsrc/security/priv/patches/patch-Makefile.in:1.1
--- /dev/null Tue Feb 16 09:42:06 2021
+++ pkgsrc/security/priv/patches/patch-Makefile.in Tue Feb 16 09:42:06 2021
@@ -0,0 +1,18 @@
+$NetBSD: patch-Makefile.in,v 1.1 2021/02/16 09:42:06 kim Exp $
+
+--- Makefile.in.orig 1997-07-08 06:19:04.000000000 +0000
++++ Makefile.in
+@@ -75,11 +75,11 @@ priv: ${OBJ} @LIBOBJS@
+ ${OBJ}: ${srcdir}/priv.h config.h
+
+ install: all ${srcdir}/priv.1 installdirs
+- ${INSTALL_PROGRAM} -o root -m ${BINMODE} priv ${bindir}/${binprefix}priv
++ ${BSD_INSTALL_PROGRAM} priv ${bindir}/${binprefix}priv
+ ${INSTALL_DATA} ${srcdir}/priv.1 ${mandir}/${manprefix}priv.${manext}
+
+ installdirs: mkinstalldirs
+- ${srcdir}/mkinstalldirs ${bindir} ${mandir} ${sysconfdir}/priv
++ ${srcdir}/mkinstalldirs ${bindir} ${mandir}
+
+ uninstall:
+ rm -f ${bindir}/${binprefix}priv
Index: pkgsrc/security/priv/patches/patch-configure.in
diff -u /dev/null pkgsrc/security/priv/patches/patch-configure.in:1.1
--- /dev/null Tue Feb 16 09:42:06 2021
+++ pkgsrc/security/priv/patches/patch-configure.in Tue Feb 16 09:42:06 2021
@@ -0,0 +1,23 @@
+$NetBSD: patch-configure.in,v 1.1 2021/02/16 09:42:06 kim Exp $
+
+Check for setusercontext(3), which is needed for per-user tmp to work.
+
+--- configure.in.orig 1997-07-08 06:19:05.000000000 +0000
++++ configure.in
+@@ -40,13 +40,14 @@ AC_DEFINE_UNQUOTED(PATH_SU, "$SU_PROG")
+
+ dnl Checks for libraries
+ dnl ====================
++AC_SEARCH_LIBS(setusercontext, util)
+
+ dnl Checks for header files
+ dnl =======================
+ AC_HEADER_STDC
+ AC_HEADER_TIME
+-AC_CHECK_HEADERS(limits.h stdarg.h stdlib.h string.h stringlist.h syslog.h \
+- unistd.h sys/syslog.h)
++AC_CHECK_HEADERS(err.h limits.h login_cap.h stdarg.h stdlib.h string.h \
++ stringlist.h syslog.h unistd.h sys/syslog.h)
+
+ dnl Checks for typedefs, structures, and compiler characteristics
+ dnl =============================================================
Index: pkgsrc/security/priv/patches/patch-priv.h
diff -u /dev/null pkgsrc/security/priv/patches/patch-priv.h:1.1
--- /dev/null Tue Feb 16 09:42:06 2021
+++ pkgsrc/security/priv/patches/patch-priv.h Tue Feb 16 09:42:06 2021
@@ -0,0 +1,35 @@
+$NetBSD: patch-priv.h,v 1.1 2021/02/16 09:42:06 kim Exp $
+
+Include login_cap.h for setusercontext(3), which is needed for per-user
+tmp to work.
+
+--- priv.h.orig 1997-07-08 06:19:07.000000000 +0000
++++ priv.h
+@@ -89,6 +89,14 @@
+ # endif
+ #endif
+
++#ifdef HAVE_LOGIN_CAP_H
++# include <login_cap.h>
++#endif
++
++#ifdef HAVE_ERR_H
++# include <err.h>
++#endif
++
+ #define DEFPATH "/bin:/usr/bin"
+ #define SYSLOGNAME "priv" /* name used with syslog */
+ #define LOGBUFSIZ 2048 + 256 /* number of chars to log */
+@@ -140,10 +148,10 @@ char *strsep(char **, const char *);
+ #ifndef HAVE_STRERROR
+ char *strerror(int errnum);
+ #endif
+-#ifdef HAVE_STRSPN
++#ifndef HAVE_STRSPN
+ size_t strspn(const char *s, const char *charset);
+ #endif
+-#ifdef HAVE_STRTOUL
++#ifndef HAVE_STRTOUL
+ unsigned long strtoul(const char *nptr, char **endptr, int base);
+ #endif
+
Home |
Main Index |
Thread Index |
Old Index