Date:      Sat, 17 Jun 2017 10:54:54 +0000 (UTC)
From:      Jochen Neumeister <joneum@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r443770 - in head/security/tor: . files
Message-ID:  <201706171054.v5HAssMs006368@repo.freebsd.org>

Author: joneum
Date: Sat Jun 17 10:54:54 2017
New Revision: 443770
URL: https://svnweb.freebsd.org/changeset/ports/443770

Log:
  - security/tor: Implemented setuid feature
   *The user should add tor_setuid=YES to /etc/rc.conf
    to make tor do setuid in runtime after opening the
    externally provided files.
  
  PR:		218587
  Submitted by:	xmj
  Approved by:	Yuri Victorovich <yuri at rawbw.com> (maintainer)
  Approved by:	miwi (mentor)
  Differential Revision:	https://reviews.freebsd.org/D11223

Modified:
  head/security/tor/Makefile
  head/security/tor/files/tor.in

Modified: head/security/tor/Makefile
==============================================================================
--- head/security/tor/Makefile	Sat Jun 17 10:54:15 2017	(r443769)
+++ head/security/tor/Makefile	Sat Jun 17 10:54:54 2017	(r443770)
@@ -3,6 +3,7 @@
 
 PORTNAME=	tor
 PORTVERSION=	0.3.0.8
+PORTREVISION=	1
 CATEGORIES=	security net ipv6
 MASTER_SITES=	TOR
 

Modified: head/security/tor/files/tor.in
==============================================================================
--- head/security/tor/files/tor.in	Sat Jun 17 10:54:15 2017	(r443769)
+++ head/security/tor/files/tor.in	Sat Jun 17 10:54:54 2017	(r443770)
@@ -21,6 +21,7 @@
 # tor_disable_default_instance (str):	Doesn't run the default instance.
 #			Only valid when tor_instances is used.
 #			Default: NO
+# tor_setuid (str):	Runtime setuid.  Default: NO
 #
 # The instance definition that tor_instances expects:
 # inst_name{:inst_conf:inst_user:inst_group:inst_pidfile:inst_data_dir}
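Review bot: The new `tor_setuid` header entry says only "Runtime setuid", so an administrator reading this block would not learn that enabling the knob makes the script start tor as root and edit the file named by `tor_conf`. Going by the commit log and the later hunk, I would expand it to `# tor_setuid (str):	Start tor as root and add "User <tor_user>" to tor_conf,` followed by `#			so tor drops privileges after opening its files.  Default: NO`. It is also worth stating here that with NO the script removes a matching `User` line from `tor_conf`, since that touches a file the administrator may maintain by hand.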
@@ -42,6 +43,7 @@ load_rc_config ${name}
 : ${tor_pidfile="/var/run/tor/tor.pid"}
 : ${tor_datadir="/var/db/tor"}
 : ${tor_disable_default_instance="NO"}
+: ${tor_setuid="NO"}
 
 instance=${slave_instance}
 if [ -n "${instance}" ]; then
@@ -111,6 +113,18 @@ pidfile=${tor_pidfile}
 command="%%PREFIX%%/bin/${name}"
 command_args="-f ${tor_conf} --PidFile ${tor_pidfile} --RunAsDaemon 1 --DataDirectory ${tor_datadir}"
 extra_commands="reload"
+
+if [ $tor_setuid = "YES" ]; then
+  if ! grep -q "^User ${tor_user}$" ${tor_conf}; then
+    echo "User ${tor_user}" >> ${tor_conf}
+  fi
+  tor_user="root"
+  tor_group="wheel"
+else
+  if grep -q "^User ${tor_user}$" ${tor_conf}; then
+    sed -i '' -e "s/^User ${tor_user}$//" ${tor_conf}
+  fi
+fi
 
 if ! run_rc_command "$1"; then
   exit_code=1
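Review bot: In the YES branch, `tor_user` is set to `root` even if the `echo "User ${tor_user}" >> ${tor_conf}` append fails (for example on a read-only file), so tor could be started as root with no `User` line telling it to drop privileges; the switch to root should only happen once that line is known to be present. The test `[ $tor_setuid = "YES" ]` is unquoted and case-sensitive, so `tor_setuid="yes"` silently falls into the else branch and edits the file; rc.subr's `checkyesno tor_setuid` handles the usual spellings. Because the block sits at top level before `run_rc_command`, it appears to rewrite `${tor_conf}` on every invocation, including `status` and `stop`, and the `sed` substitution leaves an empty line behind instead of deleting it. `${tor_conf}` should be quoted in the `grep`, `echo` and `sed` calls. The surrounding script continues outside the hunk, so whether this also runs per instance cannot be confirmed from here.

```shell
# … unchanged: command, command_args, extra_commands …

if checkyesno tor_setuid; then
  # Fail closed: only start as root once the privilege-dropping User line exists.
  if ! grep -q "^User ${tor_user}\$" "${tor_conf}" &&
     ! echo "User ${tor_user}" >> "${tor_conf}"; then
    err 1 "cannot add 'User ${tor_user}' to ${tor_conf}"
  fi
  tor_user="root"
  tor_group="wheel"
elif grep -q "^User ${tor_user}\$" "${tor_conf}"; then
  # Delete the line rather than blanking it, so toggling leaves no empty lines.
  sed -i '' -e "/^User ${tor_user}\$/d" "${tor_conf}"
fi

# … unchanged: run_rc_command "$1" handling …
```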


