Bug 248953

Summary: net/frr7: build option TCPSOCKETS is no-op
Product: Ports & Packages Reporter: Eugene Grosbein <eugen>
Component: Individual Port(s)Assignee: Olivier Cochard <olivier>
Status: Closed FIXED    
Severity: Affects Some People Flags: bugzilla: maintainer-feedback? (olivier)
Priority: ---    
Version: Latest   
Hardware: Any   
OS: Any   

Description Eugene Grosbein freebsd_committer freebsd_triage 2020-08-27 16:48:32 UTC 
frr7 has no means to disable TCP controlling sockets for daemons at compile time. Instead, it support run-time options like this:

zebra_flags="-P0"
ospfd_flags="-P0"

This should be used to disable listening TCP sockets as security feature.

TCPSOCKETS option of the port is misleading, does nothing and should be removed.
Also, it would be nice to give users a hint with pkg-message about safest way to run daemons.
Comment 1 Olivier Cochard freebsd_committer freebsd_triage 2020-08-27 17:42:15 UTC 
Thanks! will remove it.

Do you have a pkg-message example you like to have?
Comment 2 Eugene Grosbein freebsd_committer freebsd_triage 2020-08-27 17:54:54 UTC 
Something like this:

Beware that remote control of frr7 daemons over TCP sockets is enabled by default. Use daemon flags in /etc/rc.conf to disable it if unneeded, for example:

zebra_flags="-P0"
Comment 3 commit-hook freebsd_committer freebsd_triage 2020-08-28 20:54:23 UTC 
A commit references this bug:

Author: olivier
Date: Fri Aug 28 20:53:24 UTC 2020
New revision: 546828
URL: https://svnweb.freebsd.org/changeset/ports/546828

Log:
  Remove no more used option TCPSOCKETS.
  Add a hint about safest way to run daemons.

  PR:		248953
  Submitted by:	eugen

Changes:
  head/net/frr7/Makefile
  head/net/frr7/pkg-message
Comment 4 Olivier Cochard freebsd_committer freebsd_triage 2020-08-28 20:58:03 UTC 
Thanks!