Privilege separation support for Xavante, okay jolan@

2005-09-06 16:51:44 +00:00 · 2005-09-06 16:51:44 +00:00 · 27b23cef05
commit 27b23cef05
parent 802e685b58
4 changed files with 40 additions and 6 deletions
--- a/www/xavante/Makefile
+++ b/www/xavante/Makefile
@ -1,7 +1,8 @@
-# $OpenBSD: Makefile,v 1.2 2005/08/02 17:41:07 pedro Exp $
+# $OpenBSD: Makefile,v 1.3 2005/09/06 16:51:44 pedro Exp $

 COMMENT=	"lua web server with cgi support"
 DISTNAME=	xavante-1.1
+PKGNAME=	${DISTNAME}p0
 CATEGORIES=	www
 MASTER_SITES=	http://luaforge.net/frs/download.php/958/

@ -18,7 +19,7 @@ PERMIT_DISTFILES_FTP=	Yes
 NO_BUILD=	Yes
 NO_REGRESS=	Yes
 BUILD_DEPENDS=	::lang/lua ::devel/luafs ::devel/luacompat ::net/luasocket \
-		::devel/luacopas ::devel/luavenv ::www/cgilua
+		::devel/luacopas ::devel/luavenv ::devel/luaposix ::www/cgilua
 RUN_DEPENDS=	${BUILD_DEPENDS}

 post-extract:
@ -28,6 +29,8 @@ post-extract:
 post-patch:
 	@perl -pi -e 's:\@xavanteweb@:${PREFIX}/examples/xavante/:g;' \
                ${WRKSRC}/src/t_xavante_start.lua
+	@perl -pi -e 's:\@localbase@:${LOCALBASE}:g;' \
+                ${WRKSRC}/src/t_xavante_start.lua

 do-install:
 	${INSTALL_DATA_DIR} ${PREFIX}/lua/xavante
--- a/www/xavante/patches/patch-src_t_xavante_start_lua
+++ b/www/xavante/patches/patch-src_t_xavante_start_lua
@ -1,6 +1,12 @@
-$OpenBSD: patch-src_t_xavante_start_lua,v 1.1 2005/08/02 17:41:08 pedro Exp $
--- src/t_xavante_start.lua.orig	Mon Aug  1 06:52:03 2005
-+++ src/t_xavante_start.lua	Mon Aug  1 06:58:39 2005
+$OpenBSD: patch-src_t_xavante_start_lua,v 1.2 2005/09/06 16:51:44 pedro Exp $
+--- src/t_xavante_start.lua.orig	Mon Jul  4 15:37:44 2005
+++ src/t_xavante_start.lua	Thu Aug 18 13:57:10 2005
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/lua50
+#!@localbase@/bin/lua
+ -------------------------------------------------------------------------------
+ -- Starts the Xavante Web server.
+ --
@@ -8,18 +8,10 @@
 -- Copyright (c) 2004-2005 Kepler Project
 -------------------------------------------------------------------------------
--- a/www/xavante/patches/patch-src_xavante_server_lua
+++ b/www/xavante/patches/patch-src_xavante_server_lua
@ -0,0 +1,23 @@
+$OpenBSD: patch-src_xavante_server_lua,v 1.1 2005/09/06 16:51:44 pedro Exp $
+--- src/xavante/server.lua.orig	Wed Jun 22 15:24:49 2005
+++ src/xavante/server.lua	Thu Aug 18 13:50:52 2005
+@@ -14,6 +14,7 @@
+ module ("xavante")
+ 
+ require "copas"
+require "posix"
+ require "xavante.httpd"
+ 
+ -- Meta information is public even begining with an "_"
+@@ -49,6 +50,11 @@ function HTTP(config)
+     config.server = config.server or {host = "*", port = 80}
+     
+     xavante.httpd.register(config.server.host, config.server.port, _VERSION)
+
+    -- Drop privileges.
+    assert(posix.setgid(552))
+    assert(posix.setuid(552))
+
+     if config.defaultHost then
+         _addRules(config.defaultHost.rules, "_")
+     end
--- a/www/xavante/pkg/PLIST
+++ b/www/xavante/pkg/PLIST
@ -1,4 +1,6 @@
-@comment $OpenBSD: PLIST,v 1.2 2005/08/02 17:41:08 pedro Exp $
+@comment $OpenBSD: PLIST,v 1.3 2005/09/06 16:51:44 pedro Exp $
+@newgroup _xavante:552
+@newuser _xavante:552:552:daemon:Xavante WWW Server:/var/empty:/sbin/nologin
@unexec lua ${SYSCONFDIR}/lua/luapkg.lua del xavante
 bin/xavante
 examples/