The Unreal IRCD daemon has compile options that allow for a designated user to deescalate privilege rights after binding to a network port. IRC servers are fairly high profile for various network based attacks. Unreal IRCD has had its share of remote execution bugs, and even in June of 2010 a backdoor was discovered in the unrealircd code that was inserted back in 2009.

I would like to ask the port maintainer, gerrit.beine@gmx.de, to use my attached patch to start unrealircd as the 'ircd' user and group. There is also an option to provide a chroot directory which could limit filesystem access were an exploit attempted. If Gerrit is interested, I could submit a patch that would also account for the option of chrooting the UnrealIRCD process and further secure its running state. Please accept the attached patch as a means of addressing the stated issue of running the daemon as root.

It also appears that the MASTER_SITES are both incorrect. The correct master site should be: http://www.unrealircd.com/downloads/Unreal3.2.8.1.tar.gz

Right now the port builds against src that is dated months prior to the warning date on the unreal website for the backdoor'd source. I have followed the directions (http://forums.unrealircd.com/viewtopic.php?t=6562) and manually verified that the backdoor is not present, but it is mildly alarming that the code in question is dated the same year as the backdoor with no valid master site to pull from.

Fix: Add the USERS and GROUPS entry in the Makefile, add the SUB_LIST options to make the variable available for the patches to reference. Patch the include/config.h file to define the user and group to deescalate privileges down to at run time.
Please let me know if there is interest in my submitting a patch to support the chroot option for UnrealIRCD.

Update the MASTER_SITES = http://www.unrealircd.com/downloads/

Patch attached with submission follows.

How-To-Repeat:
/usr/local/etc/rc.d/unrealircd start
hostname# ps awwwux | grep ircd
root 75870 0.0 1.9 20836 4692 0- S 8:44AM 0:03.13 ircd: hostname.com (ircd)
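As an added check that is not part of the PR, the port, or UnrealIRCD itself: a small sh script that audits "ps awwwux"-style output for ircd processes still owned by root, which is the condition the How-To-Repeat above demonstrates. It runs over a constructed sample modelled on the quoted ps line and assumes the daemon's command name contains "ircd".

```shell
#!/bin/sh
# Added example, not from the PR or the port. Reads ps(1) "awwwux"-style
# lines on stdin, prints every ircd process owned by root, and exits 1 if
# any were found (0 otherwise). Assumes BSD ps column order: USER is field 1
# and COMMAND starts at field 11; the header line is skipped.
ircd_root_procs() {
    awk 'NR > 1 && $1 == "root" && $11 ~ /ircd/ { print; found = 1 }
         END { exit found ? 1 : 0 }'
}

# Constructed sample output (not real system data), modelled on the PR:
# one ircd owned by root, one correctly dropped to the ircd user, plus an
# unrelated root process that must not be reported.
SAMPLE_PS='USER   PID %CPU %MEM   VSZ  RSS TT  STAT STARTED    TIME COMMAND
root 75870 0.0 1.9 20836 4692 0- S 8:44AM 0:03.13 ircd: hostname.com (ircd)
ircd 75871 0.0 1.9 20836 4692 0- S 8:45AM 0:00.10 ircd: hostname.com (ircd)
root    11 0.0 0.1  1234  456 ??  Is  8:00AM 0:00.01 /sbin/init'

# Number of root-owned ircd processes in the sample (expected: 1).
count_root_ircd() {
    printf '%s\n' "$SAMPLE_PS" | ircd_root_procs | wc -l | tr -d ' '
}

if [ "$(count_root_ircd)" -gt 0 ]; then
    echo "WARNING: ircd is running as root; rebuild with the ircd USERS/GROUPS patch" >&2
fi
```

Against a live host, replace the sample with `ps awwwux | ircd_root_procs` and act on the exit status.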
Maintainer of irc/unreal,

Please note that PR ports/155143 has just been submitted. If it contains a patch for an upgrade, an enhancement or a bug fix you agree on, reply to this email stating that you approve the patch and a committer will take care of it.

The full text of the PR can be found at: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/155143

-- Edwin Groothuis via the GNATS Auto Assign Tool edwin@FreeBSD.org
State Changed From-To: open->feedback Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
This PR was opened March 1st. As there has been no response to this PR in 5 months, I would like to request port ownership for UnrealIRCD. It appears that this port has not been worked on since 2010. There are additional build options that can be added to increase the usefulness and security of this port which I would like to provide patches for. There is also an upcoming new release of the software that I would like to help make sure is patched appropriately. Thank you for your consideration. -Jr
State Changed From-To: feedback->open With portmgr hat, reassign maintainership of this port, as requested.
Class Changed From-To: change-request->maintainer-update
Responsible Changed From-To: freebsd-ports-bugs->zi I'll take it.
I would say there is interest in being able to provide chroot functionality and would welcome a patch to add it to the port.
zi 2011-07-25 01:52:22 UTC

FreeBSD ports repository

Modified files:
  irc/unreal          Makefile
  irc/unreal/files    patch-config.h

Log:
  Add ability to run as ircd user/group
  Pass maintainership to submitter
  Pacify portlint(1)
  Add LICENSE

  PR:           ports/155143
  Submitted by: Jr Aquino <tanawts@gmail.com>
  Approved by:  wxs (mentor)

Revision  Changes  Path
1.23      +11 -4   ports/irc/unreal/Makefile
1.3       +11 -0   ports/irc/unreal/files/patch-config.h
State Changed From-To: open->closed Committed, with minor changes. Thanks!