svn commit: r443770 - in head/security/tor: . files
Jochen Neumeister
joneum at FreeBSD.org
Sat Jun 17 10:54:56 UTC 2017
Author: joneum
Date: Sat Jun 17 10:54:54 2017
New Revision: 443770
URL: https://svnweb.freebsd.org/changeset/ports/443770
Log:
- security/tor: Implemented setuid feature
*The user should add tor_setuid=YES to /etc/rc.conf
to make tor do setuid in runtime after opening the
externally provided files.
PR: 218587
Submitted by: xmj
Approved by: Yuri Victorovich <yuri at rawbw.com> (maintainer)
Approved by: miwi (mentor)
Differential Revision: https://reviews.freebsd.org/D11223
Modified:
head/security/tor/Makefile
head/security/tor/files/tor.in
Modified: head/security/tor/Makefile
==============================================================================
--- head/security/tor/Makefile Sat Jun 17 10:54:15 2017 (r443769)
+++ head/security/tor/Makefile Sat Jun 17 10:54:54 2017 (r443770)
@@ -3,6 +3,7 @@
PORTNAME= tor
PORTVERSION= 0.3.0.8
+PORTREVISION= 1
CATEGORIES= security net ipv6
MASTER_SITES= TOR
Modified: head/security/tor/files/tor.in
==============================================================================
--- head/security/tor/files/tor.in Sat Jun 17 10:54:15 2017 (r443769)
+++ head/security/tor/files/tor.in Sat Jun 17 10:54:54 2017 (r443770)
@@ -21,6 +21,7 @@
# tor_disable_default_instance (str): Doesn't run the default instance.
# Only valid when tor_instances is used.
# Default: NO
+# tor_setuid (str): Runtime setuid. Default: NO
#
# The instance definition that tor_instances expects:
# inst_name{:inst_conf:inst_user:inst_group:inst_pidfile:inst_data_dir}
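Review bot: The added `tor_setuid` comment says only "Runtime setuid", which does not tell an administrator what enabling the knob changes. Going by the last hunk of this file, YES makes the script append a `User ${tor_user}` line to `${tor_conf}` and start tor with tor_user=root and tor_group=wheel, while NO removes a matching `User` line from the config. The header comment should say so, and should also state whether the setting applies to instances defined through tor_instances or only to the default instance.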
@@ -42,6 +43,7 @@ load_rc_config ${name}
: ${tor_pidfile="/var/run/tor/tor.pid"}
: ${tor_datadir="/var/db/tor"}
: ${tor_disable_default_instance="NO"}
+: ${tor_setuid="NO"}
instance=${slave_instance}
if [ -n "${instance}" ]; then
@@ -111,6 +113,18 @@ pidfile=${tor_pidfile}
command="%%PREFIX%%/bin/${name}"
command_args="-f ${tor_conf} --PidFile ${tor_pidfile} --RunAsDaemon 1 --DataDirectory ${tor_datadir}"
extra_commands="reload"
+
+if [ $tor_setuid = "YES" ]; then
+ if ! grep -q "^User ${tor_user}$" ${tor_conf}; then
+ echo "User ${tor_user}" >> ${tor_conf}
+ fi
+ tor_user="root"
+ tor_group="wheel"
+else
+ if grep -q "^User ${tor_user}$" ${tor_conf}; then
+ sed -i '' -e "s/^User ${tor_user}$//" ${tor_conf}
+ fi
+fi
if ! run_rc_command "$1"; then
exit_code=1
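Review bot: The test `if [ $tor_setuid = "YES" ]` in the added block is an unquoted, case-sensitive string comparison, so a value such as `yes` or `true` is treated as disabled and takes the else branch, which edits the config file. rc.subr's `checkyesno tor_setuid` is the usual way to test a YES/NO knob. Several other points in the same block:

- It sits at the top level before `run_rc_command "$1"`, so `${tor_conf}` can be rewritten on every invocation of the script, including status and stop. Doing this work in a start_precmd function would limit it to start.
- The result of `echo "User ${tor_user}" >> ${tor_conf}` is not checked before `tor_user="root"` is set. If the append fails, tor is started as root with no `User` line to make it drop privileges. The script should refuse to start in that case.
- The else branch removes a `User ${tor_user}` line even if the administrator wrote it by hand, and the sed substitution leaves an empty line behind instead of deleting the line.
- `${tor_conf}` is unquoted in the grep, echo and sed calls, and `${tor_user}` is interpolated into the patterns unescaped.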