Bug 218179

Summary: sysutils/ipfs-go runs with root privilege
Product: Ports & Packages Reporter: Gian-Simon Purkert <gspurki>
Component: Individual Port(s)Assignee: John Hixson <jhixson>
Status: Closed FIXED    
Severity: Affects Many People CC: dmgk, milios, w.schwarzenfeld
Priority: ---    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
svn diff from /usr/ports/sysutils/ipfs-go milios: maintainer-approval? (milios)

Description Gian-Simon Purkert 2017-03-28 08:43:01 UTC
The IPFS-go daemon runs as root, witch is not really good.
Since it is a network-service, it should run with its own restricted user (analogue to TOR)

Repository and config, something like:
/var/lokal/ipfs
Comment 1 Gian-Simon Purkert 2017-03-28 09:10:40 UTC
sry:
/var/db/ipfs
Comment 2 Gian-Simon Purkert 2017-07-31 12:45:33 UTC
Runs still with root, please add a user special for ipfs otherwise its too dangerous.
Comment 3 Walter Schwarzenfeld 2018-02-02 18:43:57 UTC
Feedback please!
Comment 4 Yuri Victorovich freebsd_committer freebsd_triage 2018-03-12 17:54:19 UTC
This port violates chapter 5.4 of PHB which mentions that MASTER_SITES/DISTNAME refers to "source archive", and for sysutils/ipfs-go it isn't a source archive.

It should be removed.
Comment 5 Yuri Victorovich freebsd_committer freebsd_triage 2018-03-12 21:37:26 UTC
(In reply to w.schwarzenfeld from comment #3)

This port needs to be reimplemented to solve mentioned problems.
Comment 6 John Hixson freebsd_committer freebsd_triage 2019-01-08 08:57:54 UTC
This port no longer runs as the root user. This bug report can be closed.
Comment 7 Chad Jacob Milios 2020-05-04 05:57:06 UTC
Created attachment 214085 [details]
svn diff from /usr/ports/sysutils/ipfs-go

USE_RC_SUBR implicitly adds the script to the end of the plist, affected by @owner and @group.

The rc.d script is getting installed owned by ipfs-go user which is a springboard to root privileges from ipfs daemon.

This patch fixes that
Comment 8 commit-hook freebsd_committer freebsd_triage 2020-05-13 17:41:09 UTC
A commit references this bug:

Author: jhixson
Date: Wed May 13 17:40:41 UTC 2020
New revision: 535121
URL: https://svnweb.freebsd.org/changeset/ports/535121

Log:
  sysutils/ipfs-go: don't run as root

  PR:	218179
  Submitted by:	gspu <gspurki@gmail.com>

Changes:
  head/sysutils/ipfs-go/pkg-plist
Comment 9 John Hixson freebsd_committer freebsd_triage 2020-05-13 17:42:38 UTC
Committed. Thanks.