- don't abuse nobody: drop privs to _ettercap instead

- add missing man page correction patch of that uid will used ok naddy@
2009-08-06 23:44:07 +00:00 · 2009-08-06 23:44:07 +00:00 · 486604ee9a
commit 486604ee9a
parent cae7248923
4 changed files with 20 additions and 6 deletions
--- a/net/ettercap/Makefile
+++ b/net/ettercap/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.41 2009/03/16 11:05:45 sthen Exp $
+# $OpenBSD: Makefile,v 1.42 2009/08/06 23:44:07 martynas Exp $

 SHARED_ONLY=	Yes

@ -6,7 +6,7 @@ COMMENT=	multi-purpose sniffer/interceptor/logger

 VER=		0.7.3
 DISTNAME=	ettercap-NG-${VER}
-PKGNAME=	ettercap-${VER}p2
+PKGNAME=	ettercap-${VER}p3
 CATEGORIES=	net
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=ettercap/}

--- a/net/ettercap/patches/patch-man_ettercap_8
+++ b/net/ettercap/patches/patch-man_ettercap_8
@ -0,0 +1,12 @@
+$OpenBSD: patch-man_ettercap_8,v 1.1 2009/08/06 23:44:07 martynas Exp $
+--- man/ettercap.8.orig	Fri May 27 18:12:11 2005
+++ man/ettercap.8	Tue Aug  4 22:09:19 2009
+@@ -164,7 +164,7 @@ the subnet.
+ .SH PRIVILEGES DROPPING
+ ettercap needs root privileges to open the Link Layer sockets. After the
+ initialization phase, the root privs are not needed anymore, so ettercap drops
+-them to UID = 65535 (nobody). Since ettercap has to write (create) log files,
+them to UID = 636 (_ettercap). Since ettercap has to write (create) log files,
+ it must be executed in a directory with the right permissions (e.g. /tmp/). If
+ you want to drop privs to a different uid, you can export the environment
+ variable EC_UID with the value of the uid you want to drop the privs to (e.g.
--- a/net/ettercap/patches/patch-share_etter_conf
+++ b/net/ettercap/patches/patch-share_etter_conf
@ -1,4 +1,4 @@
-$OpenBSD: patch-share_etter_conf,v 1.2 2008/07/16 20:15:48 brad Exp $
+$OpenBSD: patch-share_etter_conf,v 1.3 2009/08/06 23:44:07 martynas Exp $
 --- share/etter.conf.orig	Tue Oct 12 11:28:38 2004
 +++ share/etter.conf	Wed Jul 16 15:49:45 2008
@@ -14,8 +14,8 @@
@ -7,8 +7,8 @@ $OpenBSD: patch-share_etter_conf,v 1.2 2008/07/16 20:15:48 brad Exp $
 [privs]
 -ec_uid = 65534                # nobody is the default
 -ec_gid = 65534                # nobody is the default
-+ec_uid = 32767                # nobody is the default
-+ec_gid = 32767                # nobody is the default
+ec_uid = 636                  # _ettercap is the default
+ec_gid = 636                  # _ettercap is the default
 
 [mitm]
 arp_storm_delay = 10          # milliseconds
--- a/net/ettercap/pkg/PLIST
+++ b/net/ettercap/pkg/PLIST
@ -1,4 +1,6 @@
-@comment $OpenBSD: PLIST,v 1.16 2008/07/16 20:15:48 brad Exp $
+@comment $OpenBSD: PLIST,v 1.17 2009/08/06 23:44:07 martynas Exp $
+@newgroup _ettercap:636
+@newuser _ettercap:636:_ettercap::ettercap:/nonexistent:/sbin/nologin
@bin bin/ettercap
@bin bin/etterfilter
@bin bin/etterlog