mtr tweaks:

- fix displayed version string (problem from github tarball). - add a new _mtr user - drop mtr-packet to _mtr rather than to getgid()/getuid() - chroot to /var/empty
2017-06-02 16:50:16 +00:00 · 2017-06-02 16:50:16 +00:00 · 60661e59f0
commit 60661e59f0
parent 08379f83f9
3 changed files with 40 additions and 17 deletions
--- a/net/mtr/Makefile
+++ b/net/mtr/Makefile
@ -1,10 +1,11 @@
-# $OpenBSD: Makefile,v 1.62 2017/06/02 14:30:26 sthen Exp $
+# $OpenBSD: Makefile,v 1.63 2017/06/02 16:50:16 sthen Exp $

 COMMENT=	Matt's traceroute - network diagnostic tool#'

 GH_ACCOUNT=	traviscross
 GH_PROJECT=	mtr
 GH_TAGNAME=	v0.92
+REVISION=	0

 CATEGORIES=	net

@ -48,6 +49,8 @@ CONFIGURE_ARGS+=	--without-glib \
 .endif

 post-patch:
+	printf '#!/bin/sh\necho -n ${GH_TAGNAME:S/v//}\n' \
+	    > ${WRKSRC}/build-aux/git-version-gen
 	cd ${WRKSRC}; AUTOCONF_VERSION=${AUTOCONF_VERSION} \
 	    AUTOMAKE_VERSION=${AUTOMAKE_VERSION} ./bootstrap.sh
 	touch ${WRKSRC}/config.h.in
--- a/net/mtr/patches/patch-packet_packet_c
+++ b/net/mtr/patches/patch-packet_packet_c
@ -1,23 +1,41 @@
-$OpenBSD: patch-packet_packet_c,v 1.1 2017/06/02 14:30:27 sthen Exp $
-
-Not yet enabled, requires additional sockopts:
-
-SOL_SOCKET:	SO_REUSEADDR, SO_REUSEPORT
-IPPROTO_IPV6:	IPV6_CHECKSUM
+$OpenBSD: patch-packet_packet_c,v 1.2 2017/06/02 16:50:16 sthen Exp $

 Index: packet/packet.c
 --- packet/packet.c.orig
 +++ packet/packet.c
-@@ -65,6 +65,12 @@ int drop_elevated_permissions(
-     }
- #endif
+@@ -23,6 +23,7 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <unistd.h>
+#include <pwd.h>
 
-+#ifdef __OpenBSD__
-+    if (0 && pledge("stdio inet", NULL) == -1) {
+ #ifdef HAVE_LIBCAP
+ #include <sys/capability.h>
+@@ -38,11 +39,25 @@ int drop_elevated_permissions(
+ #ifdef HAVE_LIBCAP
+     cap_t cap;
+ #endif
+    struct passwd *pw;
+ 
+-    /*  Drop any suid permissions granted  */
+-    if (setgid(getgid()) || setuid(getuid())) {
+    if ((pw = getpwnam("_mtr")) == NULL) {
+         return -1;
+     }
+    if (chroot("/var/empty") == -1) {
 +        return -1;
 +    }
-+#endif
-+
-     return 0;
- }
+    if (chdir("/") == -1) {
+        return -1;
+    }
+    if (pw) {
+        if (setgroups(1, &pw->pw_gid) == -1 ||
+            setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1 ||
+            setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) {
+                return -1;
+        }
+    }
+    endpwent();
 
+     if (geteuid() != getuid() || getegid() != getgid()) {
+         return -1;
--- a/net/mtr/pkg/PLIST
+++ b/net/mtr/pkg/PLIST
@ -1,4 +1,6 @@
-@comment $OpenBSD: PLIST,v 1.9 2017/06/02 14:30:27 sthen Exp $
+@comment $OpenBSD: PLIST,v 1.10 2017/06/02 16:50:16 sthen Exp $
+@newgroup _mtr:790
+@newuser _mtr:790:_mtr::mtr user:/nonexistent:/sbin/nologin
 !%%gtk%%
@man man/man8/mtr-packet.8
@man man/man8/mtr.8