freebsd/ports
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security/tinc-devel: security/tinc: add user and group tinc

Browse Source 
The tinc daemon is now setgid
The daemon can drop privileges with:
sysrc tincd_flags=--user=tinc

Reported by: Poul-Henning Kamp
This commit is contained in:
Dirk Meyer 2024-12-30 20:27:20 +01:00
parent 06dc848e03
commit 121c0dbfd3
4 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
GIDs
View File

@ -596,7 +596,7 @@ _xrdp:*:648:
# free: 652 # free: 652
# free: 653 # free: 653
# free: 654 # free: 654
# free: 655 tinc:*:655:
# free: 656 # free: 656
# free: 657 # free: 657
# free: 658 # free: 658

2
UIDs
View File

@ -602,7 +602,7 @@ _xrdp:*:648:648::0:0:xrdp daemon:/nonexistent:/usr/sbin/nologin
# free: 652 # free: 652
# free: 653 # free: 653
# free: 654 # free: 654
# free: 655 tinc:*:655:655::0:0:tinc daemon:/nonexistent:/usr/sbin/nologin
# free: 656 # free: 656
# free: 657 # free: 657
# free: 658 # free: 658

6
security/tinc-devel/Makefile
View File

@ -1,6 +1,6 @@
PORTNAME= tinc PORTNAME= tinc
PORTVERSION= 1.1pre18 PORTVERSION= 1.1pre18
PORTREVISION= 3 PORTREVISION= 4
CATEGORIES= security net-vpn CATEGORIES= security net-vpn
MASTER_SITES= https://www.tinc-vpn.org/packages/ \ MASTER_SITES= https://www.tinc-vpn.org/packages/ \
http://www.tinc-vpn.org/packages/ http://www.tinc-vpn.org/packages/
@ -15,6 +15,8 @@ LICENSE_FILE= ${WRKSRC}/COPYING
LIB_DEPENDS= liblzo2.so:archivers/lzo2 LIB_DEPENDS= liblzo2.so:archivers/lzo2
USERS= tinc
GROUPS= tinc
USES= cpe ssl makeinfo readline localbase:ldflags USES= cpe ssl makeinfo readline localbase:ldflags
CPE_VENDOR= tinc-vpn CPE_VENDOR= tinc-vpn
GNU_CONFIGURE= yes GNU_CONFIGURE= yes
@ -22,7 +24,7 @@ GNU_CONFIGURE_MANPREFIX= ${PREFIX}/share
CONFIGURE_ARGS= --localstatedir=/var --with-curses=/usr CONFIGURE_ARGS= --localstatedir=/var --with-curses=/usr
USE_RC_SUBR= tincd USE_RC_SUBR= tincd
INFO= tinc INFO= tinc
PLIST_FILES= sbin/tincd sbin/tinc \ PLIST_FILES= "@(root,tinc,2550) sbin/tincd" sbin/tinc \
share/bash-completion/completions/tinc \ share/bash-completion/completions/tinc \
share/man/man8/tinc-gui.8.gz share/man/man5/tinc.conf.5.gz \ share/man/man8/tinc-gui.8.gz share/man/man5/tinc.conf.5.gz \
share/man/man8/tinc.8.gz share/man/man8/tincd.8.gz share/man/man8/tinc.8.gz share/man/man8/tincd.8.gz

6
security/tinc/Makefile
View File

@ -1,6 +1,6 @@
PORTNAME= tinc PORTNAME= tinc
PORTVERSION= 1.0.36 PORTVERSION= 1.0.36
PORTREVISION= 2 PORTREVISION= 3
CATEGORIES= security net-vpn CATEGORIES= security net-vpn
MASTER_SITES= https://www.tinc-vpn.org/packages/ \ MASTER_SITES= https://www.tinc-vpn.org/packages/ \
http://www.tinc-vpn.org/packages/ http://www.tinc-vpn.org/packages/
@ -13,6 +13,8 @@ LICENSE= GPLv3
LIB_DEPENDS= liblzo2.so:archivers/lzo2 LIB_DEPENDS= liblzo2.so:archivers/lzo2
USERS= tinc
GROUPS= tinc
USES= cpe ssl makeinfo USES= cpe ssl makeinfo
CPE_VENDOR= tinc-vpn CPE_VENDOR= tinc-vpn
GNU_CONFIGURE= yes GNU_CONFIGURE= yes
@ -22,7 +24,7 @@ LDFLAGS+= -L${LOCALBASE}/lib
CONFIGURE_ARGS= --localstatedir=/var CONFIGURE_ARGS= --localstatedir=/var
USE_RC_SUBR= tincd USE_RC_SUBR= tincd
INFO= tinc INFO= tinc
PLIST_FILES= sbin/tincd \ PLIST_FILES= "@(root,tinc,2550) sbin/tincd" \
share/man/man5/tinc.conf.5.gz share/man/man8/tincd.8.gz share/man/man5/tinc.conf.5.gz share/man/man8/tincd.8.gz
.include <bsd.port.mk> .include <bsd.port.mk>