Summary: | sysutils/ipfs-go runs with root privilege | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Gian-Simon Purkert <gspurki> | ||||
Component: | Individual Port(s) | Assignee: | John Hixson <jhixson> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Many People | CC: | dmgk, milios, w.schwarzenfeld | ||||
Priority: | --- | ||||||
Version: | Latest | ||||||
Hardware: | Any | ||||||
OS: | Any | ||||||
Attachments: |
|
Description
Gian-Simon Purkert
2017-03-28 08:43:01 UTC
sry: /var/db/ipfs Runs still with root, please add a user special for ipfs otherwise its too dangerous. Feedback please! This port violates chapter 5.4 of PHB which mentions that MASTER_SITES/DISTNAME refers to "source archive", and for sysutils/ipfs-go it isn't a source archive. It should be removed. (In reply to w.schwarzenfeld from comment #3) This port needs to be reimplemented to solve mentioned problems. This port no longer runs as the root user. This bug report can be closed. Created attachment 214085 [details]
svn diff from /usr/ports/sysutils/ipfs-go
USE_RC_SUBR implicitly adds the script to the end of the plist, affected by @owner and @group.
The rc.d script is getting installed owned by ipfs-go user which is a springboard to root privileges from ipfs daemon.
This patch fixes that
A commit references this bug: Author: jhixson Date: Wed May 13 17:40:41 UTC 2020 New revision: 535121 URL: https://svnweb.freebsd.org/changeset/ports/535121 Log: sysutils/ipfs-go: don't run as root PR: 218179 Submitted by: gspu <gspurki@gmail.com> Changes: head/sysutils/ipfs-go/pkg-plist Committed. Thanks. |