Attachment #125382 for bug #168997

View | Details | Raw Unified | Return to bug 168997
Collapse All | Expand All





PORTNAME=	privman
PORTVERSION=	0.9.3
PORTREVISION=	2
CATEGORIES=	devel security
MASTER_SITES=	GOOGLE_CODE

MAINTAINER=	ports@FreeBSD.org
COMMENT=	Library that makes it easy for programs to use privilege separation

LICENSE=	BSD
LICENSE_FILE=	${WRKSRC}/LICENSE

USE_AUTOTOOLS=	libtool
GNU_CONFIGURE=	yes
USE_LDCONFIG=	yes
MAKE_JOBS_SAFE=	yes

MLINKS=		priv_pam.3 priv_pam_acct_mgmt.3 \
		priv_pam.3 priv_pam_authenticate.3 \
		priv_pam.3 priv_pam_chauthtok.3 \
		priv_pam.3 priv_pam_close_session.3 \
		priv_pam.3 priv_pam_end.3 \
		priv_pam.3 priv_pam_fail_delay.3 \
		priv_pam.3 priv_pam_getenv.3 \
		priv_pam.3 priv_pam_get_item.3 \
		priv_pam.3 priv_pam_open_session.3 \
		priv_pam.3 priv_pam_putenv.3 \
		priv_pam.3 priv_pam_setcred.3 \
		priv_pam.3 priv_pam_set_item.3 \
		priv_pam.3 priv_pam_start.3 \
		priv_popen.3 priv_pclose.3 \
		priv_custom.3 priv_register_info_fn.3 \
		priv_custom.3 priv_register_cap_fn.3 \
		priv_custom.3 priv_invoke_info_fn.3 \
		priv_custom.3 priv_invoke_cap_fn.3
MAN3=		priv_bind.3 priv_custom.3 priv_daemon.3 priv_execve.3 \
		priv_fopen.3 priv_fork.3 priv_init.3 priv_open.3 \
		priv_pam.3 priv_popen.3 priv_rerunas.3 priv_respawn_as.3 \
		priv_wait4.3
MAN5=		privman_conf.5
MAN7=		privman.7

post-patch:
	@${REINPLACE_CMD} -e \
		's|$$(PACKAGE).d|$$(PACKAGE)|g' ${WRKSRC}/etc/Makefile.in
	@${REINPLACE_CMD} -e \
		'/^CFLAGS/s|-O2 -g|@CFLAGS@| ; \
		 /^CXXFLAGS/s|-O2 -g|@CXXFLAGS@| ; \
		 s|@PACKAGE@.d|@PACKAGE@| ; \
		 s|-lstdc++||' ${WRKSRC}/src/Makefile.in
	@${REINPLACE_CMD} -e \
		'/^CFLAGS/s|-O2 -g|@CFLAGS@|' ${WRKSRC}/tests/Makefile.in

.include <bsd.port.mk>




Privman is a library that makes it easy for programs to use privilege
separation, a technique that prevents the leak or misuse of privilege
from applications that must run with some elevated permissions. The
Privman library simplifies the otherwise complex task of separating
the application, protecting the system from compromise if an error in
the application logic is found.

Applications that use the Privman library split into two halves, the
half that performs valid privileged operations, and the half that
contains the application's logic. The library uses configuration files
to provide fine-grained access control for the privileged operations,
limiting exposure in even of an attack against the application. When 
the application is compromised, the attacker gains only the privileges
of an unprivileged user and the specific privileges granted to the
application by the application's Privman configuration file.

WWW: http://code.google.com/p/privman/

Return to bug 168997

Lines 7-41 Link Here

(-)devel/privman/Makefile (-21 / +40 lines)
7		7
8	PORTNAME= privman	8	PORTNAME= privman
9	PORTVERSION= 0.9.3	9	PORTVERSION= 0.9.3
10	PORTREVISION= 1	10	PORTREVISION= 2
11	CATEGORIES= devel security	11	CATEGORIES= devel security
12	MASTER_SITES= http://www.isso.sparta.com/opensource/privman/downloads/	12	MASTER_SITES= GOOGLE_CODE
13		13
14	MAINTAINER= ports@FreeBSD.org	14	MAINTAINER= ports@FreeBSD.org
15	COMMENT= Library that makes it easy for programs to use privilege separation	15	COMMENT= Library that makes it easy for programs to use privilege separation
16		16
		17	LICENSE= BSD
		18	LICENSE_FILE= ${WRKSRC}/LICENSE
		19
17	USE_AUTOTOOLS= libtool	20	USE_AUTOTOOLS= libtool
18	GNU_CONFIGURE= yes
19	USE_LDCONFIG= yes	21	USE_LDCONFIG= yes
		22	MAKE_JOBS_SAFE= yes
20		23
21	post-patch:	24	MLINKS= priv_pam.3 priv_pam_acct_mgmt.3 \
22	@${REINPLACE_CMD} -e 's\|$$(PACKAGE).d\|$$(PACKAGE)\|g' \	25	priv_pam.3 priv_pam_authenticate.3 \
23	${WRKSRC}/etc/Makefile.in	26	priv_pam.3 priv_pam_chauthtok.3 \
24	@${REINPLACE_CMD} -e 's\|@PACKAGE@.d\|@PACKAGE@\|g' \	27	priv_pam.3 priv_pam_close_session.3 \
25	${WRKSRC}/src/Makefile.in	28	priv_pam.3 priv_pam_end.3 \
26		29	priv_pam.3 priv_pam_fail_delay.3 \
27	MAN3= priv_bind.3 priv_custom.3 priv_daemon.3 priv_execve.3 \	30	priv_pam.3 priv_pam_getenv.3 \
28	priv_fopen.3 priv_fork.3 priv_init.3 priv_invoke_cap_fn.3 \	31	priv_pam.3 priv_pam_get_item.3 \
29	priv_invoke_info_fn.3 priv_open.3 priv_pam.3 \	32	priv_pam.3 priv_pam_open_session.3 \
30	priv_pam_acct_mgmt.3 priv_pam_authenticate.3 priv_pam_chauthtok.3 \	33	priv_pam.3 priv_pam_putenv.3 \
31	priv_pam_close_session.3 priv_pam_end.3 priv_pam_fail_delay.3 \	34	priv_pam.3 priv_pam_setcred.3 \
32	priv_pam_get_item.3 priv_pam_getenv.3 priv_pam_open_session.3 \	35	priv_pam.3 priv_pam_set_item.3 \
33	priv_pam_putenv.3 priv_pam_set_item.3 priv_pam_setcred.3 \	36	priv_pam.3 priv_pam_start.3 \
34	priv_pam_start.3 priv_pclose.3 priv_popen.3 priv_register_cap_fn.3 \	37	priv_popen.3 priv_pclose.3 \
35	priv_register_info_fn.3 priv_rerunas.3 priv_respawn_as.3 \	38	priv_custom.3 priv_register_info_fn.3 \
36	priv_wait4.3	39	priv_custom.3 priv_register_cap_fn.3 \
		40	priv_custom.3 priv_invoke_info_fn.3 \
		41	priv_custom.3 priv_invoke_cap_fn.3
		42	MAN3= priv_bind.3 priv_custom.3 priv_daemon.3 priv_execve.3 \
		43	priv_fopen.3 priv_fork.3 priv_init.3 priv_open.3 \
		44	priv_pam.3 priv_popen.3 priv_rerunas.3 priv_respawn_as.3 \
		45	priv_wait4.3
		46	MAN5= privman_conf.5
		47	MAN7= privman.7
37		48
38	MAN5= privman_conf.5	49	post-patch:
39	MAN7= privman.7	50	@${REINPLACE_CMD} -e \
		51	's\|$$(PACKAGE).d\|$$(PACKAGE)\|g' ${WRKSRC}/etc/Makefile.in
		52	@${REINPLACE_CMD} -e \
		53	'/^CFLAGS/s\|-O2 -g\|@CFLAGS@\| ; \
		54	/^CXXFLAGS/s\|-O2 -g\|@CXXFLAGS@\| ; \
		55	s\|@PACKAGE@.d\|@PACKAGE@\| ; \
		56	s\|-lstdc++\|\|' ${WRKSRC}/src/Makefile.in
		57	@${REINPLACE_CMD} -e \
		58	'/^CFLAGS/s\|-O2 -g\|@CFLAGS@\|' ${WRKSRC}/tests/Makefile.in
40		59
41	.include <bsd.port.mk>	60	.include <bsd.port.mk>

Lines 1-17 Link Here

(-)devel/privman/pkg-descr (-15 / +15 lines)
1	Privman is a library that makes it easy for programs to use	1	Privman is a library that makes it easy for programs to use privilege
2	privilege separation, a technique that prevents the leak or	2	separation, a technique that prevents the leak or misuse of privilege
3	misuse of privilege from applications that must run with some	3	from applications that must run with some elevated permissions. The
4	elevated permissions. Applications that use the Privman library	4	Privman library simplifies the otherwise complex task of separating
5	split into two halves, the half that performs valid privileged	5	the application, protecting the system from compromise if an error in
6	operations, and the half that contains the application's logic.	6	the application logic is found.
7	The Privman library simplifies the otherwise complex task of	7
8	separating the application, protecting the system from	8	Applications that use the Privman library split into two halves, the
9	compromise if an error in the application logic is found. The	9	half that performs valid privileged operations, and the half that
10	library uses configuration files to provide fine-grained access	10	contains the application's logic. The library uses configuration files
11	control for the privileged operations, limiting exposure in	11	to provide fine-grained access control for the privileged operations,
12	even of an attack against the application. When the application	12	limiting exposure in even of an attack against the application. When
13	is compromised, the attacker gains only the privileges of an	13	the application is compromised, the attacker gains only the privileges
14	unprivileged user and the specific privileges granted to the	14	of an unprivileged user and the specific privileges granted to the
15	application by the application's Privman configuration file.	15	application by the application's Privman configuration file.
16		16
17	WWW: http://www.isso.sparta.com/opensource/privman/	17	WWW: http://code.google.com/p/privman/