security/trousers: Fix tcsd.conf permissions

It turns out that tcsd requires the ownership of tcsd.conf file to be set to root:_tss. See trousers-0.3.14_3/src/tcsd/tcsd_conf.c for details. Otherwise, tcsd fails: # service tcsd start Starting tcsd. /usr/local/etc/rc.d/tcsd: WARNING: failed to start tcsd # tail /var/log/messages Nov 4 11:24:43 x TCSD[1298]: TrouSerS ERROR: TCSD config file (/usr/local/etc/tcsd.conf) must be user/group root/_tss Nov 4 11:24:43 x 0mp[2372]: /usr/local/etc/rc.d/tcsd: WARNING: failed to start tcsd Also, the mode of the configuration file has to be 640. PR: 253858 Reported by: unitrunker <unitrunker@gmail.com> Approved by: maintainer timeout, portmgr blanket (runtime error) Sponsored by: Klara, Inc.
2022-11-04 11:29:24 +01:00 · 2022-11-04 11:29:24 +01:00 · 47c2569d89
commit 47c2569d89
parent 01e03aed2f
2 changed files with 6 additions and 3 deletions
--- a/security/trousers/Makefile
+++ b/security/trousers/Makefile
@ -1,6 +1,6 @@
 PORTNAME=	trousers
 PORTVERSION=	0.3.14
-PORTREVISION=	3
+PORTREVISION=	4
 CATEGORIES=	security
 MASTER_SITES=	SF

--- a/security/trousers/files/tcsd.in
+++ b/security/trousers/files/tcsd.in
@ -26,9 +26,12 @@ tcsd_precmd()
 {
 	/usr/bin/install -d -m 0700 -o %%USERS%% -g %%GROUPS%% \
 	    /var/run/tpm /var/run/ima %%PREFIX%%/var/lib/tpm
-	/usr/sbin/chown %%USERS%%:%%GROUPS%% \
+	# The configuration files must be owned by root so
+	# that the %%USERS%% user can only read (but not manipulate)
+	# the configuration file.
+	/usr/sbin/chown root:%%GROUPS%% \
 	    %%PREFIX%%/etc/tcsd.conf
-	/bin/chmod 0600 \
+	/bin/chmod 0640 \
 	    %%PREFIX%%/etc/tcsd.conf
 }