Bug 247140 - security/honeytrap: Add option to run service as root
Summary: security/honeytrap: Add option to run service as root
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Steve Wills
URL:
Keywords: buildisok
Depends on:
Blocks:
 
Reported: 2020-06-10 09:17 UTC by ezri.mudde
Modified: 2020-08-04 11:01 UTC (History)
2 users (show)

See Also:
swills: maintainer-feedback?


Attachments
patch (1.42 KB, patch)
2020-06-10 09:17 UTC, ezri.mudde
no flags Details | Diff
patch 2 (1.36 KB, patch)
2020-07-21 15:09 UTC, ezri.mudde
no flags Details | Diff
patch 3 (4.05 KB, patch)
2020-07-22 12:32 UTC, ezri.mudde
no flags Details | Diff
proposed patch (9.00 KB, patch)
2020-08-02 16:38 UTC, Steve Wills
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description ezri.mudde 2020-06-10 09:17:13 UTC
Created attachment 215417 [details]
patch

This patch adds the option to run the service as root. This enables the service to bind to system ports.
Comment 1 Bugzilla Automation freebsd_committer 2020-06-10 09:17:13 UTC
Maintainer informed via mail
Comment 2 Steve Wills freebsd_committer 2020-06-11 02:12:45 UTC
Doesn't rc.subr handle this for you? The man page documents ${name}_user and /etc/rc.subr calls "su -m $_user ...".
Comment 3 ezri.mudde 2020-07-20 07:47:52 UTC
I didn't know that, wasn't in the rc.d scripting guide. I'm not sure when I'll be able to change the port to use that instead.
Comment 4 ezri.mudde 2020-07-21 15:09:09 UTC
Created attachment 216631 [details]
patch 2

Removed code in honetrap.in from previous patch and rewrite it
Comment 5 ezri.mudde 2020-07-22 12:32:39 UTC
Created attachment 216661 [details]
patch 3

Update to latest HoneyTrap version, add go build flags and patch for build constants.
Comment 6 Steve Wills freebsd_committer 2020-08-02 16:38:14 UTC
Created attachment 216962 [details]
proposed patch

(In reply to ezri.mudde from comment #5)
Thanks for the patch!

FWIW, the Porters Handbook:

https://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/rc-scripts.html

and the Scripting Guide:

https://www.freebsd.org/doc/en_US.ISO8859-1/articles/rc-scripting/article.html

do reference the rc.subr(8) man page:

https://www.freebsd.org/cgi/man.cgi?query=rc.subr&sektion=8&manpath=freebsd-release-ports

which documents ${name}_user.

Also, I've made some improvements to the Makefile and the rc script, please take a look and test if you can. Seems to work OK for me. Still waiting on maintainer (remco.verhoef@dutchsec.com) feedback, but maybe that will time out.
Comment 7 Steve Wills freebsd_committer 2020-08-02 16:40:54 UTC
(In reply to Steve Wills from comment #6)
Or perhaps remco.verhoef@dutchsec.com is you? It's not clear to me why the maintainer line in the port doesn't match here.
Comment 8 ezri.mudde 2020-08-04 07:17:05 UTC
He's my boss and usually pretty busy, I'll see if I can get him to approve the patch.
Comment 9 ezri.mudde 2020-08-04 11:01:14 UTC
(In reply to Steve Wills from comment #7)
I talked with my boss and said I could change the maintainer to me. I'll test your patch and change the maintainer after.