diff options
author | Eitan Adler <eadler@FreeBSD.org> | 2018-06-17 00:08:22 +0000 |
---|---|---|
committer | Eitan Adler <eadler@FreeBSD.org> | 2018-06-17 00:08:22 +0000 |
commit | 6986c79d7ab5b66b449da7b3c35540c68c3ed470 (patch) | |
tree | e35968ed2345af640a664ce2a8556849b7c97572 /net/tcpdump | |
parent | 933be6c6348234e2f3699489a1055cb53a7e27db (diff) | |
download | ports-6986c79d7ab5b66b449da7b3c35540c68c3ed470.tar.gz ports-6986c79d7ab5b66b449da7b3c35540c68c3ed470.zip |
net/tcpdump: use dedicated user for privsep
"nobody" should only be used by NFS and nothing should run as
it. Instead give tcpdump a dedicated user.
Also note that IPv6 is no longer optional, so just remove the option
Approved by: garga (maintainer, older version)
Reviewed by: matthew
Differential Revision: https://reviews.freebsd.org/D15841
Notes
Notes:
svn path=/head/; revision=472578
Diffstat (limited to 'net/tcpdump')
-rw-r--r-- | net/tcpdump/Makefile | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/net/tcpdump/Makefile b/net/tcpdump/Makefile index b8c9c3829a18..b9161af83852 100644 --- a/net/tcpdump/Makefile +++ b/net/tcpdump/Makefile @@ -3,6 +3,7 @@ PORTNAME= tcpdump PORTVERSION= 4.9.2 +PORTREVISION= 1 CATEGORIES= net ipv6 MASTER_SITES= http://www.tcpdump.org/release/ @@ -16,10 +17,10 @@ LIB_DEPENDS= libpcap.so.1:net/libpcap GNU_CONFIGURE= yes USES= gmake -UNPRIV_USER?= nobody +UNPRIV_USER?= tcpdump CHROOTDIR?= /var/run/tcpdump -OPTIONS_DEFINE= CRYPTO IPV6 SMB SMI USER CHROOT +OPTIONS_DEFINE= CRYPTO SMB SMI USER CHROOT OPTIONS_DEFAULT= CRYPTO SMB SMI CRYPTO_DESC= Support IPSEC and TCPMD5 @@ -28,16 +29,16 @@ CRYPTO_DESC= Support IPSEC and TCPMD5 # is not true. It will just not print it if this option is off. SMB_DESC= Support printing SMB information SMI_DESC= Allow MIBs to be loaded on the fly -USER_DESC= Drop privileges to nobody +USER_DESC= Drop privileges to dedicated user CHROOT_DESC= Chroot to /var/run/tcpdump (set CHROOTDIR to change) CRYPTO_USES= ssl CRYPTO_CONFIGURE_WITH= crypto -IPV6_CONFIGURE_ENABLE= ipv6 SMB_CONFIGURE_ENABLE= smb SMI_CONFIGURE_WITH= smi SMI_LIB_DEPENDS= libsmi.so:net-mgmt/libsmi USER_CONFIGURE_ON= --with-user=${UNPRIV_USER} +USER_VARS= USERS=${UNPRIV_USER} GROUPS=${UNPRIV_USER} CHROOT_CONFIGURE_ON= --with-chroot=${CHROOTDIR} PLIST_FILES= sbin/tcpdump \ |