4 files changed, 164 insertions, 11 deletions

diff --git a/devel/gamin/Makefile b/devel/gamin/Makefile
index 7ca26653ef0a..e9e58c68c60b 100644
--- a/devel/gamin/Makefile
+++ b/devel/gamin/Makefile
@@ -4,7 +4,7 @@
 
 PORTNAME=	gamin
 PORTVERSION=	0.1.10
-PORTREVISION?=	4
+PORTREVISION?=	5
 CATEGORIES?=	devel
 MASTER_SITES=	http://people.gnome.org/~veillard/gamin/sources/
 
@@ -27,9 +27,11 @@ CONFLICTS=	fam-[0-9]*
 GNU_CONFIGURE=	yes
 
 .if !defined(GAMIN_SLAVE)
-OPTIONS_DEFINE=	GAM_POLLER LIBINOTIFY
+OPTIONS_DEFINE=	GAM_POLLER LIBINOTIFY RUN_AS_EUID
+OPTIONS_DEFAULT=RUN_AS_EUID
 GAM_POLLER_DESC=Use gamin's poller instead of kqueue's
 LIBINOTIFY_DESC=Use libinotify as the FAM backend
+RUN_AS_EUID_DESC=Drop privileges to effective user
 .endif
 
 .include <bsd.port.options.mk>
@@ -48,6 +50,10 @@ CONFIGURE_ARGS+=--disable-inotify
 .endif
 .endif
 
+.if ${PORT_OPTIONS:MRUN_AS_EUID}
+CPPFLAGS+=	-DRUN_AS_EUID=1
+.endif
+
 post-patch:
 	@${REINPLACE_CMD} "s|/etc|${PREFIX}/etc|g" ${WRKSRC}/server/gam_conf.c
 
diff --git a/devel/gamin/files/patch-libgamin_gam_api.c b/devel/gamin/files/patch-libgamin_gam_api.c
index 7c46e93354a3..9f2672c1d936 100644
--- a/devel/gamin/files/patch-libgamin_gam_api.c
+++ b/devel/gamin/files/patch-libgamin_gam_api.c
@@ -1,5 +1,5 @@
---- libgamin/gam_api.c.orig	Tue Feb  7 17:49:07 2006
-+++ libgamin/gam_api.c	Tue Feb  7 17:49:13 2006
+--- libgamin/gam_api.c.orig	2007-08-27 03:21:03.000000000 -0700
++++ libgamin/gam_api.c	2013-02-16 15:51:11.927100135 -0800
 @@ -14,6 +14,7 @@
  #include <sys/socket.h>
  #include <sys/un.h>
@@ -8,7 +8,43 @@
  #include "fam.h"
  #include "gam_protocol.h"
  #include "gam_data.h"
-@@ -421,10 +422,10 @@
+@@ -117,7 +118,11 @@
+     if (user_name[0] != 0)
+         return (user_name);
+ 
++#ifdef RUN_AS_EUID
++    pw = getpwuid(geteuid());
++#else
+     pw = getpwuid(getuid());
++#endif
+ 
+     if (pw != NULL) {
+ 	strncpy(user_name, pw->pw_name, 99);
+@@ -224,7 +229,11 @@
+ 	free(dir);
+ 	return(0);
+     }
++#ifdef RUN_AS_EUID
++    if (st.st_uid != geteuid()) {
++#else
+     if (st.st_uid != getuid()) {
++#endif
+ 	gam_error(DEBUG_INFO,
+ 		  "Socket directory %s has different owner\n",
+ 		  dir);
+@@ -301,7 +310,11 @@
+     if (ret < 0)
+ 	return(0);
+     
++#ifdef RUN_AS_EUID
++    if (st.st_uid != geteuid()) {
++#else
+     if (st.st_uid != getuid()) {
++#endif
+ 	gam_error(DEBUG_INFO,
+ 		  "Socket %s has different owner\n",
+ 		  path);
+@@ -428,10 +441,10 @@
  {
      char data[2] = { 0, 0 };
      int written;
@@ -22,7 +58,7 @@
      } cmsg;
      struct iovec iov;
      struct msghdr msg;
-@@ -436,16 +437,16 @@
+@@ -443,16 +456,16 @@
      msg.msg_iov = &iov;
      msg.msg_iovlen = 1;
  
@@ -43,7 +79,7 @@
      written = sendmsg(fd, &msg, 0);
  #else
      written = write(fd, &data[0], 1);
-@@ -647,15 +648,16 @@
+@@ -654,15 +667,20 @@
      gid_t c_gid;
  
  #ifdef HAVE_CMSGCRED
@@ -56,14 +92,18 @@
      } cmsg;
  #endif
  
++#ifdef RUN_AS_EUID
++    s_uid = geteuid();
++#else
      s_uid = getuid();
++#endif
  
 -#if defined(LOCAL_CREDS) && defined(HAVE_CMSGCRED)
 +#if defined(LOCAL_CREDS) && defined(HAVE_CMSGCRED) && !defined(__FreeBSD__)
      /* Set the socket to receive credentials on the next message */
      {
          int on = 1;
-@@ -676,8 +678,8 @@
+@@ -683,8 +701,8 @@
  
  #ifdef HAVE_CMSGCRED
      memset(&cmsg, 0, sizeof(cmsg));
@@ -74,7 +114,7 @@
  #endif
  
  retry:
-@@ -694,7 +696,7 @@
+@@ -701,7 +719,7 @@
          goto failed;
      }
  #ifdef HAVE_CMSGCRED
@@ -83,7 +123,7 @@
          GAM_DEBUG(DEBUG_INFO,
                    "Message from recvmsg() was not SCM_CREDS\n");
          goto failed;
-@@ -720,9 +722,10 @@
+@@ -727,9 +745,10 @@
              goto failed;
          }
  #elif defined(HAVE_CMSGCRED)
@@ -97,7 +137,7 @@
  #else /* !SO_PEERCRED && !HAVE_CMSGCRED */
          GAM_DEBUG(DEBUG_INFO,
                    "Socket credentials not supported on this OS\n");
-@@ -1283,14 +1286,17 @@
+@@ -1288,14 +1307,17 @@
  
      // FIXME: drop and reacquire lock while blocked?
      gamin_data_lock(conn);
diff --git a/devel/gamin/files/patch-libgamin_gam_fork.c b/devel/gamin/files/patch-libgamin_gam_fork.c
new file mode 100644
index 000000000000..8ed0e222f769
--- /dev/null
+++ b/devel/gamin/files/patch-libgamin_gam_fork.c
@@ -0,0 +1,95 @@
+--- libgamin/gam_fork.c.orig	2007-07-04 06:36:48.000000000 -0700
++++ libgamin/gam_fork.c	2013-02-16 20:37:31.298176973 -0800
+@@ -42,6 +42,78 @@
+     return NULL;
+ }
+ 
++#ifdef RUN_AS_EUID
++/**
++ * gamin_drop_privileges
++ *
++ * Attempt to drop privileges to another user and group before forking
++ * a copy of the gam server
++ * 
++ * Return 0 in case of success or -1 in case of detected error.
++ */
++int
++gamin_drop_privileges(int to_uid, int to_gid)
++{
++    GAM_DEBUG(DEBUG_INFO, "Dropping privileges to %d:%d before forking server\n", to_uid, to_gid);
++
++    /* Get the current real user and group */
++    int from_uid = getuid();
++    int from_gid = getgid();
++
++    /* Make sure we were able to get the user and group values */
++    if ( from_uid == -1 || to_uid == -1 || from_gid == -1 || to_gid == -1 ) {
++        gam_error(DEBUG_INFO, "failed to get user or group info, unable to drop privileges\n");
++        return(-1);
++    }
++
++    /* Refuse to run setuid if it would escalate privileges */
++    if ( from_uid != 0 && to_uid == 0 )
++    {
++        gam_error(DEBUG_INFO, "refusing to escalate user privileges from=%d to=%d\n", from_uid, to_uid);
++        return(-1);
++    }
++
++    /* Refuse to run setgid if it would escalate privileges */
++    if ( from_gid != 0 && to_gid == 0 )
++    {
++        gam_error(DEBUG_INFO, "refusing to escalate group privileges from=%d to=%d\n", from_gid, to_gid);
++        return(-1);
++    }
++
++    /* Run setuid to drop privileges to the effective user */
++    if ( from_uid != to_uid ) {
++        GAM_DEBUG(DEBUG_INFO, "Attempting setuid from=%d to=%d\n", from_uid, to_uid);
++
++        /* run setuid and check for errors */
++        if (setuid(to_uid) == -1) {
++            gam_error(DEBUG_INFO, "failed to run setuid from=%d to=%d\n", from_uid, to_uid);
++            return(-1);
++        }
++    }
++    else {
++        GAM_DEBUG(DEBUG_INFO, "Already running as effective user, skipping setuid\n");
++    }
++
++    /* Run setgid to drop privileges to the effective group */
++    if ( from_gid != to_gid ) {
++        GAM_DEBUG(DEBUG_INFO, "Attempting setgid from=%d to=%d\n", from_gid, to_gid);
++
++        /* run setuid and check for errors */
++        if (setgid(to_gid) == -1) {
++            gam_error(DEBUG_INFO, "failed to run setgid from=%d to=%d\n", from_gid, to_gid);
++            return(-1);
++        }
++    }
++    else {
++        GAM_DEBUG(DEBUG_INFO, "Already running as effective group, skipping setgid\n");
++    }
++
++    GAM_DEBUG(DEBUG_INFO, "Succeeded in dropping privileges from %d:%d to %d:%d\n", from_uid, from_gid, to_uid, to_gid);
++
++    return(0);
++}
++#endif
++
+ /**
+  * gamin_fork_server:
+  * @fam_client_id: the client ID string to use
+@@ -71,6 +143,13 @@
+         long open_max;
+ 	long i;
+ 
++#ifdef RUN_AS_EUID
++        /* Drop privileges to the current effective uid/gid and return on failure */
++        if(gamin_drop_privileges( geteuid(), getegid() ) == -1) {
++            return(-1);
++        }
++#endif
++
+         /* don't hold open fd opened from the client of the library */
+ 	open_max = sysconf (_SC_OPEN_MAX);
+ 	for (i = 0; i < open_max; i++)
diff --git a/devel/gamin/files/patch-libgamin_gam_fork.h b/devel/gamin/files/patch-libgamin_gam_fork.h
new file mode 100644
index 000000000000..db96b2d05fcf
--- /dev/null
+++ b/devel/gamin/files/patch-libgamin_gam_fork.h
@@ -0,0 +1,12 @@
+--- libgamin/gam_fork.h.orig	2007-07-04 06:36:48.000000000 -0700
++++ libgamin/gam_fork.h	2013-02-16 20:38:00.328594608 -0800
+@@ -32,6 +32,9 @@
+ #endif
+ 
+ int		gamin_fork_server	(const char *fam_client_id);
++#ifdef RUN_AS_EUID
++int		gamin_drop_privileges	(int to_uid, int to_gid);
++#endif
+ 
+ #ifdef __cplusplus
+ }