net/tcpdump: use dedicated user for privsep

"nobody" should only be used by NFS and nothing should run as
it. Instead give tcpdump a dedicated user.

Also note that IPv6 is no longer optional, so just remove the option

Approved by:	garga (maintainer, older version)
Reviewed by:	matthew
Differential Revision:	https://reviews.freebsd.org/D15841

1 files changed, 5 insertions, 4 deletions

diff --git a/net/tcpdump/Makefile b/net/tcpdump/Makefile
index b8c9c3829a18..b9161af83852 100644
--- a/net/tcpdump/Makefile
+++ b/net/tcpdump/Makefile
@@ -3,6 +3,7 @@
 
 PORTNAME=	tcpdump
 PORTVERSION=	4.9.2
+PORTREVISION=	1
 CATEGORIES=	net ipv6
 MASTER_SITES=	http://www.tcpdump.org/release/
 
@@ -16,10 +17,10 @@ LIB_DEPENDS=	libpcap.so.1:net/libpcap
 GNU_CONFIGURE=	yes
 USES=		gmake
 
-UNPRIV_USER?=	nobody
+UNPRIV_USER?=	tcpdump
 CHROOTDIR?=	/var/run/tcpdump
 
-OPTIONS_DEFINE=	CRYPTO IPV6 SMB SMI USER CHROOT
+OPTIONS_DEFINE=	CRYPTO SMB SMI USER CHROOT
 OPTIONS_DEFAULT=	CRYPTO SMB SMI
 
 CRYPTO_DESC=	Support IPSEC and TCPMD5
@@ -28,16 +29,16 @@ CRYPTO_DESC=	Support IPSEC and TCPMD5
 # is not true. It will just not print it if this option is off.
 SMB_DESC=	Support printing SMB information
 SMI_DESC=	Allow MIBs to be loaded on the fly
-USER_DESC=	Drop privileges to nobody
+USER_DESC=	Drop privileges to dedicated user
 CHROOT_DESC=	Chroot to /var/run/tcpdump (set CHROOTDIR to change)
 
 CRYPTO_USES=		ssl
 CRYPTO_CONFIGURE_WITH=	crypto
-IPV6_CONFIGURE_ENABLE=	ipv6
 SMB_CONFIGURE_ENABLE=	smb
 SMI_CONFIGURE_WITH=	smi
 SMI_LIB_DEPENDS=	libsmi.so:net-mgmt/libsmi
 USER_CONFIGURE_ON=	--with-user=${UNPRIV_USER}
+USER_VARS=		USERS=${UNPRIV_USER} GROUPS=${UNPRIV_USER}
 CHROOT_CONFIGURE_ON=	--with-chroot=${CHROOTDIR}
 
 PLIST_FILES=	sbin/tcpdump \