Import of chrootuid-1.2:

--
Chrootuid makes it easy to run network services at a low privilege
level and with restricted file system access. This utility employs
both chroot and su to confine users to specified areas by assigning
appropriate userids.

Chrootuid was written by Wietse Venema; this port includes Phil
Pennock's initgroups patch.

WWW: http://www.porcupine.org/

MAINTAINER= Jason Peel <jsyn@openbsd.org>

An initial port skeleton was donated by the farmer who uses BSD.

security/chrootuid/Makefile

@@ -0,0 +1,39 @@
+# $OpenBSD: Makefile,v 1.1.1.1 2001/07/27 18:48:18 jsyn Exp $
+
+COMMENT=		"control chroot and su access rights by application"
+
+VERSION=		1.2
+DISTNAME=		chrootuid${VERSION}
+PKGNAME=		chrootuid-${VERSION}
+CATEGORIES=		security
+NEED_VERSION=		1.427
+
+HOMEPAGE=		http://www.porcupine.org/
+
+MAINTAINER=		Jason Peel <jsyn@openbsd.org>
+
+PERMIT_PACKAGE_CDROM=	Yes
+PERMIT_PACKAGE_FTP=	Yes
+PERMIT_DISTFILES_CDROM=	Yes
+PERMIT_DISTFILES_FTP=	Yes
+
+MASTER_SITES=		ftp://ftp.porcupine.org/pub/security/ \
+			ftp://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/chrootuid/
+
+EXTRACT_SUFX=		.shar.Z
+EXTRACT_CASES=		*.shar.Z) zcat ${FULLDISTDIR}/$$archive | gunshar;;
+
+BUILD_DEPENDS=		gunshar::archivers/gshar+gunshar
+
+WRKDIST=		${WRKDIR}
+
+ALL_TARGET=		chrootuid
+MAKE_FLAGS=		CC="${CC}" CFLAGS='${CFLAGS} -DUSE_SYSCTL'
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKSRC}/chrootuid ${PREFIX}/sbin/chrootuid
+	${INSTALL_MAN} ${WRKSRC}/chrootuid.1 ${PREFIX}/man/man1
+	${INSTALL_DATA_DIR} ${PREFIX}/share/doc/chrootuid
+	${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/doc/chrootuid
+
+.include <bsd.port.mk>

security/chrootuid/files/md5

@@ -0,0 +1,3 @@
+MD5 (chrootuid1.2.shar.Z) = 2ebf68f6d14c42947bb5160a20729f5f
+RMD160 (chrootuid1.2.shar.Z) = cdb05abd021228987fd9f013cf7024287162e054
+SHA1 (chrootuid1.2.shar.Z) = 4fd76a4d67b511232edcd145213b179da6fadd07

security/chrootuid/patches/patch-Makefile

@@ -0,0 +1,12 @@
+$OpenBSD: patch-Makefile,v 1.1.1.1 2001/07/27 18:48:18 jsyn Exp $
+--- Makefile.orig	Sat Jan 22 15:59:52 2000
++++ Makefile	Sat Jan 22 16:01:26 2000
+@@ -1,7 +1,7 @@
+ # @(#) Makefile 1.2 93/08/12 16:09:29
+ 
+ FILES	= README Makefile chrootuid.c chrootuid.1
+-CFLAGS	= -O 
++CFLAGS	?= -O 
+ 
+ all:	chrootuid chrootuid.1
+ 

security/chrootuid/patches/patch-chrootuid_c

@@ -0,0 +1,94 @@
+$OpenBSD: patch-chrootuid_c,v 1.1.1.1 2001/07/27 18:48:18 jsyn Exp $
+--- chrootuid.c.orig	Fri Mar 31 10:56:38 2000
++++ chrootuid.c	Fri Mar 31 11:47:31 2000
+@@ -34,6 +34,7 @@
+ /* VERSION/RELEASE
+ /*	1.2
+ /*--*/
++/* MODIFIED FROM ORIGINAL SOURCE! Phil Pennock <codehacks@globnix.org> */
+ 
+ #ifndef lint
+ static char sccsid[] = "@(#) chrootuid.c 1.2 93/08/15 22:19:27";
+@@ -41,14 +42,25 @@
+ 
+ /* System libraries. */
+ 
++#include <stdlib.h>
+ #include <pwd.h>
+ #include <syslog.h>
++#include <sys/param.h>
++#ifdef USE_SYSCTL
++# include <sys/types.h>
++# include <sys/sysctl.h>
++#else
++# ifndef NGROUPS
++#  define NGROUPS 16
++# endif
++#endif
+ 
+-main(argc, argv)
+-int     argc;
+-char  **argv;
++int
++main(int argc, char *argv[])
+ {
+     struct passwd *pwd;
++    int *groups;
++    int ngroups;
+ 
+     /*
+      * Open a channel to the syslog daemon. Older versions of openlog()
+@@ -71,6 +83,10 @@
+ 	syslog(LOG_ERR, "usage: %s path user command", argv[0]);
+ 	return (0);
+     }
++
++    syslog(LOG_NOTICE, "chrootuid: dir(%s) user(%s) command(%s)",
++	argv[1], argv[2], argv[3]);
++
+     /* Must step into the new subtree. */
+ 
+     if (chdir(argv[1])) {
+@@ -83,6 +99,30 @@
+ 	syslog(LOG_ERR, "%s: user unknown", argv[2]);
+ 	return (0);
+     }
++#ifdef USE_SYSCTL
++    {
++	int mib[2];
++	size_t len;
++
++	mib[0] = CTL_KERN;
++	mib[1] = KERN_NGROUPS;
++	len = sizeof(ngroups);
++	if (sysctl(mib, 2, &ngroups, &len, NULL, 0)) {
++	    syslog(LOG_ERR, "failed to get kern.ngroups: %m");
++	    return (0);
++	}
++    }
++#else
++    ngroups = NGROUPS;
++#endif
++    if (!(groups = calloc(ngroups, sizeof(int)))) {
++	syslog(LOG_ERR, "failed to allocate memory: %m");
++	return (0);
++    }
++    if (getgrouplist(argv[2], pwd->pw_gid, groups, &ngroups) == -1) {
++	syslog(LOG_WARNING, "failed to get all groups for user '%s': %m",
++	    argv[2]);
++    }
+     /* Do the chroot() before giving away root privileges. */
+ 
+     if (chroot(argv[1])) {
+@@ -94,6 +134,9 @@
+     if (setgid(pwd->pw_gid)) {
+ 	syslog(LOG_ERR, "setgid(%d): %m", pwd->pw_gid);
+ 	return (0);
++    }
++    if (setgroups(ngroups, (const gid_t *)groups)) {
++	syslog(LOG_WARNING, "setgroups failed: %m");
+     }
+     if (setuid(pwd->pw_uid)) {
+ 	syslog(LOG_ERR, "setuid(%d): %m", pwd->pw_uid);
+
+

security/chrootuid/pkg/DESCR

@@ -0,0 +1,9 @@
+Chrootuid makes it easy to run network services at a low privilege
+level and with restricted file system access. This utility employs
+both chroot and su to confine users to specified areas by assigning
+appropriate userids.
+
+Chrootuid was written by Wietse Venema; this port includes Phil
+Pennock's initgroups patch.
+
+WWW: ${HOMEPAGE}

security/chrootuid/pkg/PLIST

@@ -0,0 +1,5 @@
+@comment $OpenBSD: PLIST,v 1.1.1.1 2001/07/27 18:48:18 jsyn Exp $
+man/man1/chrootuid.1
+sbin/chrootuid
+share/doc/chrootuid/README
+@dirrm share/doc/chrootuid