From f512eeee4f3fa8f694308039fc44da1fff4e45f0 Mon Sep 17 00:00:00 2001
From: Martin Wilke
Date: Wed, 30 May 2007 05:51:26 +0000
Subject: [PATCH] - Make setuid operation and user creation configurable, as requested by users
PR: 111915
Submitted by: Sten Spans (maintainer)
---
 dns/powerdns-recursor/Makefile | 13 ++++++++++---
 dns/powerdns-recursor/files/extrapatch-setuid | 13 +++++++++++++
 .../files/patch-pdns_nameserver.cc | 11 -----------
 3 files changed, 23 insertions(+), 14 deletions(-)
 create mode 100644 dns/powerdns-recursor/files/extrapatch-setuid
diff --git a/dns/powerdns-recursor/Makefile b/dns/powerdns-recursor/Makefile
index 71317aae8cfd..d2438e8704e5 100644
--- a/dns/powerdns-recursor/Makefile
+++ b/dns/powerdns-recursor/Makefile
@@ -7,7 +7,7 @@
 PORTNAME= powerdns-recursor
 PORTVERSION= 3.1.4
-PORTREVISION= 3
+PORTREVISION= 4
 CATEGORIES= dns ipv6
 MASTER_SITES= http://downloads.powerdns.com/releases/ \
 http://mirrors.evolva.ro/powerdns.com/releases/
@@ -20,9 +20,10 @@ BUILD_DEPENDS= bjam:${PORTSDIR}/devel/boost
 USE_BZIP2= yes
 USE_GMAKE= yes
-USE_GCC= 3.4
+USE_GCC= 3.4+
-OPTIONS= STATIC "Enable Full STATIC" off
+OPTIONS= STATIC "Enable Full STATIC" off \
+ SETUID "Run as pdns_recursor user" on
 CXXFLAGS+= -I${LOCALBASE}/include
 LDFLAGS+= -L${LOCALBASE}/lib
@@ -41,6 +42,10 @@ MAKE_ENV+=STATIC=full
 PLIST_SUB+= STATIC="@comment "
 .endif
+.if defined(WITH_SETUID)
+EXTRA_PATCHES+= ${PATCHDIR}/extrapatch-setuid
+.endif
+
 .if exists(/usr/include/ucontext.h) && ${OSVERSION} >= 500000
 UCONTEXT!= ${AWK} '/setcontext/ { print "YES" }' \
 /usr/include/ucontext.h
@@ -57,9 +62,11 @@ post-patch:
 @${REINPLACE_CMD} -e 's;"/etc/powerdns/";"${PREFIX}/etc/pdns/";' \
 ${WRKSRC}/config.h
+.if defined(WITH_SETUID)
 pre-install:
 @${ECHO} "==> Creating custom user to run pdns_recursor..."
 @${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
+.endif
 post-install:
 .if !exists(${PREFIX}/etc/pdns/recursor.conf)
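Review bot: Building with SETUID off leaves the recursor with no privilege drop by default, and nothing in the Makefile says so: the `.if defined(WITH_SETUID)` block at `@@ -41,6 +42,10 @@` then skips extrapatch-setuid, so the upstream empty `setuid`/`setgid` defaults shown in that patch stay in place. Going by the option text "If set, change user id to this uid", the daemon then keeps the uid and gid it was started with unless recursor.conf sets both. I would add a comment above the block, `# SETUID off: upstream defaults (setuid="", setgid="") apply; set both in recursor.conf to drop privileges`, and repeat it in the port's install message. The description added at `@@ -20,9 +20,10 @@` names only the pdns_recursor user, while the patch also changes the group to pdns; `SETUID "Run as pdns_recursor:pdns (drop privileges)" on` would cover both.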
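Review bot: A port built without SETUID ends up with no pdns_recursor account, because `pre-install` at `@@ -57,9 +62,11 @@` is now inside `.if defined(WITH_SETUID)`; an administrator who later sets `setuid=pdns_recursor` in recursor.conf would name a user that was never created. The account and group names are also fixed in two places, files/extrapatch-setuid and presumably the script behind `${PKGINSTALL}` (not visible here), and have to be kept in step by hand. A comment above the target such as `# account names must match files/extrapatch-setuid` would record that. Whether a package built from this port still runs the script at install time cannot be told from this hunk.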
diff --git a/dns/powerdns-recursor/files/extrapatch-setuid b/dns/powerdns-recursor/files/extrapatch-setuid
new file mode 100644
index 000000000000..50db88ce9e7a
--- /dev/null
+++ b/dns/powerdns-recursor/files/extrapatch-setuid
@@ -0,0 +1,13 @@
+--- pdns_recursor.cc.orig Wed Jan 17 23:45:51 2007
++++ pdns_recursor.cc Thu Jan 18 00:01:47 2007
+@@ -1669,8 +1669,8 @@
+ ::arg().set("daemon","Operate as a daemon")="yes";
+ ::arg().set("log-common-errors","If we should log rather common errors")="yes";
+ ::arg().set("chroot","switch to chroot jail")="";
+- ::arg().set("setgid","If set, change group id to this gid for more security")="";
+- ::arg().set("setuid","If set, change user id to this uid for more security")="";
++ ::arg().set("setgid","If set, change group id to this gid for more security")="pdns";
++ ::arg().set("setuid","If set, change user id to this uid for more security")="pdns_recursor";
+ #ifdef WIN32
+ ::arg().set("quiet","Suppress logging of questions and answers")="off";
+ ::arg().setSwitch( "register-service", "Register the service" )= "no";
diff --git a/dns/powerdns-recursor/files/patch-pdns_nameserver.cc b/dns/powerdns-recursor/files/patch-pdns_nameserver.cc
index 77c15dc68a95..4e300d6b0594 100644
--- a/dns/powerdns-recursor/files/patch-pdns_nameserver.cc
+++ b/dns/powerdns-recursor/files/patch-pdns_nameserver.cc
@@ -1,16 +1,5 @@
 --- pdns_recursor.cc.orig Wed Jan 17 23:45:51 2007
 +++ pdns_recursor.cc Thu Jan 18 00:01:47 2007
-@@ -1669,8 +1669,8 @@
- ::arg().set("daemon","Operate as a daemon")="yes";
- ::arg().set("log-common-errors","If we should log rather common errors")="yes";
- ::arg().set("chroot","switch to chroot jail")="";
-- ::arg().set("setgid","If set, change group id to this gid for more security")="";
-- ::arg().set("setuid","If set, change user id to this uid for more security")="";
-+ ::arg().set("setgid","If set, change group id to this gid for more security")="pdns";
-+ ::arg().set("setuid","If set, change user id to this uid for more security")="pdns_recursor";
- #ifdef WIN32
- ::arg().set("quiet","Suppress logging of questions and answers")="off";
- ::arg().setSwitch( "register-service", "Register the service" )= "no";
 @@ -1691,7 +1691,7 @@
 ::arg().set("client-tcp-timeout","Timeout in seconds when talking to TCP clients")="2";
 ::arg().set("max-tcp-clients","Maximum number of simultaneous TCP clients")="128";