drop privileges to _iftop user. ok kili

net/iftop/Makefile

@@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.1.1.1 2008/04/04 22:12:46 sthen Exp $
+# $OpenBSD: Makefile,v 1.2 2009/01/27 01:03:38 sthen Exp $
 
 COMMENT =		display bandwidth usage on an inteface
 
 DISTNAME =		iftop-0.17
+PKGNAME =		${DISTNAME}p0
 CATEGORIES =		net
 
 HOMEPAGE =		http://www.ex-parrot.com/~pdw/iftop/

net/iftop/patches/patch-iptop.c

@@ -1,14 +1,29 @@
---- iftop.c.orig	Sun Dec 16 16:39:56 2007
-+++ iftop.c	Sun Dec 16 16:40:10 2007
-@@ -561,7 +561,6 @@
+--- iftop.c.orig	Thu Mar 31 13:08:05 2005
++++ iftop.c	Mon Jan 26 22:48:19 2009
+@@ -25,6 +25,8 @@
+ #include <signal.h>
+ #include <string.h>
+ #include <unistd.h>
++#include <pwd.h>
++#include <err.h>
+ 
+ #include "iftop.h"
+ #include "addr_hash.h"
+@@ -561,8 +563,12 @@ void packet_loop(void* ptr) {
   * Entry point. See usage(). */
  int main(int argc, char **argv) {
      pthread_t thread;
 -    struct sigaction sa = {};
++    struct passwd *pw;
  
++    if ((pw = getpwnam("_iftop")) == NULL) {
++        errx(1, "no such user: _iftop");
++    }
++
      /* TODO: tidy this up */
      /* read command line options and config file */   
-@@ -572,9 +571,6 @@
+     config_init();
+@@ -572,12 +578,16 @@ int main(int argc, char **argv) {
      read_config(options.config_file, options.config_file_specified);
      options_make();
      
@@ -18,3 +33,13 @@
      pthread_mutex_init(&tick_mutex, NULL);
  
      packet_init();
++
++    if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1)
++        err(1,"setresgid");
++    if (setgroups(1, &pw->pw_gid) == -1)
++        err(1,"setgroups");
++    if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1)
++        err(1,"setresuid");
+ 
+     init_history();
+ 

net/iftop/pkg/PLIST

@@ -1,3 +1,5 @@
-@comment $OpenBSD: PLIST,v 1.1.1.1 2008/04/04 22:12:46 sthen Exp $
+@comment $OpenBSD: PLIST,v 1.2 2009/01/27 01:03:38 sthen Exp $
+@newgroup _iftop:615
+@newuser _iftop:615:_iftop::iftop user:/nonexistent:/sbin/nologin
 bin/iftop
 @man man/man8/iftop.8