Bug 248953 - net/frr7: build option TCPSOCKETS is no-op
Summary: net/frr7: build option TCPSOCKETS is no-op
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Olivier Cochard
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-08-27 16:48 UTC by Eugene Grosbein
Modified: 2020-08-28 20:58 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (olivier)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Eugene Grosbein freebsd_committer 2020-08-27 16:48:32 UTC
frr7 has no means to disable TCP controlling sockets for daemons at compile time. Instead, it support run-time options like this:

zebra_flags="-P0"
ospfd_flags="-P0"

This should be used to disable listening TCP sockets as security feature.

TCPSOCKETS option of the port is misleading, does nothing and should be removed.
Also, it would be nice to give users a hint with pkg-message about safest way to run daemons.
Comment 1 Olivier Cochard freebsd_committer 2020-08-27 17:42:15 UTC
Thanks! will remove it.

Do you have a pkg-message example you like to have?
Comment 2 Eugene Grosbein freebsd_committer 2020-08-27 17:54:54 UTC
Something like this:

Beware that remote control of frr7 daemons over TCP sockets is enabled by default. Use daemon flags in /etc/rc.conf to disable it if unneeded, for example:

zebra_flags="-P0"
Comment 3 commit-hook freebsd_committer 2020-08-28 20:54:23 UTC
A commit references this bug:

Author: olivier
Date: Fri Aug 28 20:53:24 UTC 2020
New revision: 546828
URL: https://svnweb.freebsd.org/changeset/ports/546828

Log:
  Remove no more used option TCPSOCKETS.
  Add a hint about safest way to run daemons.

  PR:		248953
  Submitted by:	eugen

Changes:
  head/net/frr7/Makefile
  head/net/frr7/pkg-message
Comment 4 Olivier Cochard freebsd_committer 2020-08-28 20:58:03 UTC
Thanks!