Message-Id: <Pine.LNX.4.61.0409190002390.18715@phenix.rootshell.be>
Date: Sun, 19 Sep 2004 00:03:28 +0200 (CEST)
From: bugghy <bugghy@phenix.rootshell.be>
To: FreeBSD-gnats-submit@freebsd.org
Cc: bugghy@SAFe-mail.net
Subject: New port: security/sud Daemon used to execute processes with special
 privileges in a nosuid environment

>Number:         71892
>Category:       ports
>Synopsis:       New port: security/sud Daemon used to execute processes with special
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    sem
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Sep 18 22:10:24 GMT 2004
>Closed-Date:    Fri Feb 25 21:17:22 GMT 2005
>Last-Modified:  Fri Feb 25 21:17:22 GMT 2005
>Originator:     
>Release:        FreeBSD 6.0-CURRENT i386
>Organization:
bugghy
>Environment:
 System: FreeBSD illusion.com 6.0-CURRENT FreeBSD 6.0-CURRENT #16: Sun Sep 12 10:34:58 UTC 2004     root@illusion.com:/usr/obj/usr/src/sys/BUGNERIC i386

>Description:

 Sud is a daemon to execute interactive and non-interactive
 processes with special (and customizable) privileges in a
 nosuid environment. It is based on a client/server model
 and on the ability to pass file descriptors between processes.

> How-To-Repeat:

> Fix:

 # This is a shell archive.  Save it in a file, remove anything before
 # this line, and then unpack it by entering "sh file".  Note, it may
 # create directories; files and directories will be owned by you and
 # have default permissions.
 #
 # This archive contains:
 #
 #	sud
 #	sud/pkg-descr
 #	sud/distinfo
 #	sud/Makefile
 #	sud/files
 #	sud/files/pkg-message.in
 #	sud/files/ilogin.1
 #	sud/files/sud.1
 #	sud/files/patch-sud.conf.sample
 #	sud/files/patch-sud.conf
 #	sud/files/patch-main.c
 #
 echo c - sud
 mkdir -p sud > /dev/null 2>&1
 echo x - sud/pkg-descr
 sed 's/^X//' >sud/pkg-descr << 'END-of-sud/pkg-descr'
 XSud is a daemon to execute interactive and non-interactive 
 Xprocesses with special (and customizable) privileges in a 
 Xnosuid environment. It is based on a client/server model 
 Xand on the ability to pass file descriptors between processes.
 X
 XWWW: http://sourceforge.net/projects/sud/
 X
 X- bugghy
 Xbugghy@SAFe-mail.net
 END-of-sud/pkg-descr
 echo x - sud/distinfo
 sed 's/^X//' >sud/distinfo << 'END-of-sud/distinfo'
 XMD5 (sud-1.3.tar.gz) = f44ca2810ff72b84ad8a10cd62752098
 XSIZE (sud-1.3.tar.gz) = 117542
 END-of-sud/distinfo
 echo x - sud/Makefile
 sed 's/^X//' >sud/Makefile << 'END-of-sud/Makefile'
 X# New ports collection makefile for:	sud
 X# Date created:		20 Sep 2004
 X# Whom:			bugghy <bugghy@SAFe-mail.net>
 X#
 X# $FreeBSD$
 X#
 X
 XPORTNAME=	sud
 XPORTVERSION=	1.3
 XCATEGORIES=	security sysutils
 XMASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 XMASTER_SITE_SUBDIR=     ${PORTNAME}
 X
 X
 XMAINTAINER=	bugghy@SAFe-mail.net
 XCOMMENT=	Daemon used to execute processes with special privileges in a nosuid environment
 X
 XGNU_CONFIGURE=  yes
 XONFIGURE_ARGS=	--program-prefix=/usr/local
 XMAN1=		sud.1 suz.1 ilogin.1
 XMANCOMPRESSED=	no
 XPLIST_FILES=	bin/suz sbin/sud sbin/ilogin etc/issue.suz etc/motd.suz etc/sud.conf.sample
 X
 Xpre-patch:
 X.for i in ilogin.1 sud.1
 X	@${SED} -e 's|PREFIX|${PREFIX}|g' ${FILESDIR}/${i} > ${FILESDIR}/patch-${i}
 X.endfor
 X	@${SED} -e 's|PREFIX|${PREFIX}|g' ${FILESDIR}/pkg-message.in > ${PKGMESSAGE}
 X
 Xpost-install:
 X.if !defined(NOPORTDOCS)
 X	@${INSTALL_MAN} ${WRKSRC}/sud.1 ${MAN1PREFIX}/man/man1
 X	@${INSTALL_MAN} ${WRKSRC}/suz.1 ${MAN1PREFIX}/man/man1
 X	@${INSTALL_MAN} ${WRKSRC}/ilogin.1 ${MAN1PREFIX}/man/man1
 X.endif
 X
 X.for i in issue.suz motd.suz sud.conf sud.conf.sample
 X.if !exists(${PREFIX}/etc/${i})
 X	@${INSTALL_DATA} ${WRKSRC}/miscs/${i} ${PREFIX}/etc
 X.endif
 X.endfor
 X	@${CAT} ${PKGMESSAGE}
 X
 X.include <bsd.port.mk>
 END-of-sud/Makefile
 echo c - sud/files
 mkdir -p sud/files > /dev/null 2>&1
 echo x - sud/files/pkg-message.in
 sed 's/^X//' >sud/files/pkg-message.in << 'END-of-sud/files/pkg-message.in'
 X
 X#############################################################################
 X  Copy 	/usr/local/etc/sud.conf.sample to /usr/local/etc/sud.conf
 X#############################################################################
 X
 X
 END-of-sud/files/pkg-message.in
 echo x - sud/files/ilogin.1
 sed 's/^X//' >sud/files/ilogin.1 << 'END-of-sud/files/ilogin.1'
 X--- ilogin.1.orig	Sat Sep 18 23:54:31 2004
 X+++ ilogin.1	Sat Sep 18 23:54:51 2004
 X@@ -6,9 +6,9 @@
 X .SH DESCRIPTION
 X simple root login client used by sud(1)
 X .SH FILES
 X-.IP "\fI/etc/issue.suz\fR"
 X+.IP "\fI/usr/local/etc/issue.suz\fR"
 X \&\fBilogin\fR issue file
 X-.IP "\fI/etc/motd.suz\fR"
 X+.IP "\fI/usr/local/etc/motd.suz\fR"
 X \&\fBilogin\fR motd file
 X .SH SEE ALSO
 X .IP "\fIsud\fR\|(1)"
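Review bot: both + lines in the FILES section hard-code /usr/local/etc, yet the Makefile's pre-patch target runs sed 's|PREFIX|${PREFIX}|g' over this file and it contains no PREFIX token for that to replace. Write the paths as PREFIX/etc/issue.suz and PREFIX/etc/motd.suz so the man page follows the install prefix, or drop the substitution.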
 END-of-sud/files/ilogin.1
 echo x - sud/files/sud.1
 sed 's/^X//' >sud/files/sud.1 << 'END-of-sud/files/sud.1'
 X--- sud.1.orig	Sat Sep 18 23:53:35 2004
 X+++ sud.1	Sat Sep 18 23:54:29 2004
 X@@ -12,7 +12,7 @@
 X mounted with nosuid flag
 X .PP
 X you can use your insecure program with root privileges by setting suipfile in 
 X-/etc/sud.conf
 X+/usr/local/etc/sud.conf
 X .PP
 X your client will be authenticated by getting effective credentials via unix 
 X socket
 X@@ -25,7 +25,7 @@
 X The following options are available:
 X .TP
 X .B -f \fIconfigfile\fB
 X-parse configfile (default: /etc/sud.conf)
 X+parse configfile (default: /usr/local/etc/sud.conf)
 X .TP
 X .B -n
 X do not daemonize
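Review bot: the documented -f default on the + line duplicates the literal passed to openconf() in patch-main.c, and both are fixed at /usr/local rather than derived from PREFIX. Generate the two from one substitution so the man page cannot drift from the path the daemon actually opens when PREFIX is changed.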
 X@@ -39,7 +39,7 @@
 X .B -v
 X print version
 X .SH OPTIONS FOR THE DAEMON
 X-The following entries are available in /etc/sud.conf in the form options 
 X+The following entries are available in /usr/local/etc/sud.conf in the form options 
 X { entries }
 X .TP
 X .B daemonize { yes, no }
 X@@ -65,7 +65,7 @@
 X configuration
 X you can execute more sud programs by invoking sud with -p and -f options
 X .SH ENTRIES FOR SERVICES
 X-The following entries are available in /etc/sud.conf in the form service 
 X+The following entries are available in /usr/local/etc/sud.conf in the form service 
 X { entry = value ... }
 X There is a special service which can be specified for default entries,
 X every entry that is not specifed in a particular service will be set to
 X@@ -165,7 +165,7 @@
 X .SH SIGNALS
 X SIGUSR1, SIGHUP reparse your configuration file
 X .SH FILES
 X-.IP "\fI/etc/sud.conf\fR"
 X+.IP "\fI/usr/local/etc/sud.conf\fR"
 X \&\fBsud\fR configuration file
 X .IP "\fI/var/run/sud.pid\fR"
 X \&\fBsud\fR locking file
 END-of-sud/files/sud.1
 echo x - sud/files/patch-sud.conf.sample
 sed 's/^X//' >sud/files/patch-sud.conf.sample << 'END-of-sud/files/patch-sud.conf.sample'
 X--- miscs/sud.conf.sample.orig	Sun Sep 19 00:38:29 2004
 X+++ miscs/sud.conf.sample	Sun Sep 19 00:39:13 2004
 X@@ -17,7 +17,7 @@
 X # authgroup will be 0
 X 
 X ilogin	{
 X-		suipfile = /usr/sbin/ilogin
 X+		suipfile = /usr/local/sbin/ilogin
 X 		nclients = 5
 X 		timeout = 1000
 X 	}
 X@@ -49,7 +49,7 @@
 X }
 X 
 X rootdir {
 X-		suipfile = "/usr/bin/ls -R /root"
 X+		suipfile = "/bin/ls -R /root"
 X 		mode = command
 X }
 X 
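Review bot: the rootdir entry touched here stays an active service that runs ls -R /root in command mode through sud, and pkg-message tells the admin to copy this sample to sud.conf as is. Correcting the binary to /bin/ls is right for FreeBSD, but consider shipping this entry commented out so that a verbatim copy of the sample does not enable a listing of /root.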
 END-of-sud/files/patch-sud.conf.sample
 echo x - sud/files/patch-sud.conf
 sed 's/^X//' >sud/files/patch-sud.conf << 'END-of-sud/files/patch-sud.conf'
 X--- miscs/sud.conf.orig	Sun Sep 19 00:38:23 2004
 X+++ miscs/sud.conf	Sun Sep 19 00:38:37 2004
 X@@ -1,5 +1,5 @@
 X ilogin	{
 X-		suipfile = /usr/sbin/ilogin
 X+		suipfile = /usr/local/sbin/ilogin
 X 		sockfile = /var/run/sud.unix
 X 		nclients = 5
 X 		timeout = 1000
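Review bot: suipfile on the + line is pinned to /usr/local/sbin/ilogin, while the port installs the binary as sbin/ilogin relative to PREFIX (see PLIST_FILES). With a non-default PREFIX the ilogin service points at a path the port never installed; substitute ${PREFIX} at build time instead. Also, post-install copies this sud.conf into ${PREFIX}/etc, but PLIST_FILES does not list etc/sud.conf.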
 END-of-sud/files/patch-sud.conf
 echo x - sud/files/patch-main.c
 sed 's/^X//' >sud/files/patch-main.c << 'END-of-sud/files/patch-main.c'
 X--- sud/main.c.orig	Sun Sep 19 00:53:20 2004
 X+++ sud/main.c	Sun Sep 19 00:53:31 2004
 X@@ -287,7 +287,7 @@
 X 			fprintf(stderr, "unable to open %s\n", fileconf);
 X 			return -1;
 X 		} else if (fileconf == NULL)
 X-			(void)openconf("/etc/sud.conf");
 X+			(void)openconf("/usr/local/etc/sud.conf");
 X 
 X 		sud_daemonize();
 X #ifdef DEBUG
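Review bot: the changed line keeps the (void) cast, so whatever openconf() returns for the default path is discarded and execution falls through to sud_daemonize(), whereas the branch just above prints "unable to open" and returns -1 for an explicit file. For a daemon that hands out privileges, check the result here as well and fail the same way; the path would also be better taken from a build-time define than from a /usr/local literal.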
 END-of-sud/files/patch-main.c
 exit
 
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
Class-Changed-From-To: sw-bug->change-request 
Class-Changed-By: ceri 
Class-Changed-When: Sun Sep 19 10:35:31 GMT 2004 
Class-Changed-Why:  
Reassign misfiled PR. 


Responsible-Changed-From-To: gnats-admin->freebsd-ports-bugs 
Responsible-Changed-By: ceri 
Responsible-Changed-When: Sun Sep 19 10:35:31 GMT 2004 
Responsible-Changed-Why:  
Reassign misfiled PR. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=71892 
Responsible-Changed-From-To: freebsd-ports-bugs->sem 
Responsible-Changed-By: sem 
Responsible-Changed-When: Fri Feb 11 18:52:12 GMT 2005 
Responsible-Changed-Why:  
Take it 


From: Sergey Matveychuk <sem@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org, bugghy@phenix.rootshell.be
Cc:  
Subject: Re: ports/71892: New port: security/sud Daemon used to execute processes
 with special
Date: Sun, 13 Feb 2005 18:25:30 +0300

 You can't write anything in the port directory. Use WRKDIR for this.
 For pkg-message it is an easy fix. Just with:
 PKGMESSAGE=     ${WRKDIR}/pkg-message
 
 But for patch files it does not work. But it's not really necessary. You 
 can use sed on the original files instead of patches.
 
 Use devel/portlint for detecting lines with spaces instead of tabs.
 
 There is a typo in the Makefile: ONFIGURE_ARGS= --program-prefix=/usr/local
 
 But you should not set CONFIGURE_ARGS for this port at all. The default 
 value for it is reasonable.
 
 -- 
 Sem.
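
The fix described in the reply above, written out as a Makefile fragment. This is an added example, not part of the PR or of the ports tree; the file locations under ${WRKSRC} are assumed from the patch headers in the submission, and REINPLACE_CMD is the ports framework's in-place sed wrapper.

```make
# Added example: nothing is written under ${FILESDIR}. The generated
# pkg-message goes to WRKDIR, and the paths are rewritten in the extracted
# sources after the patch stage instead of by patches generated at build time.
PKGMESSAGE=	${WRKDIR}/pkg-message

post-patch:
	# Default configuration path: daemon source and its man page together,
	# so the documented default matches what the binary opens.
	@${REINPLACE_CMD} -e 's|/etc/sud.conf|${PREFIX}/etc/sud.conf|g' \
		${WRKSRC}/sud/main.c ${WRKSRC}/sud.1
	# issue/motd locations documented in ilogin.1.
	@${REINPLACE_CMD} -e 's|/etc/issue.suz|${PREFIX}/etc/issue.suz|' \
		-e 's|/etc/motd.suz|${PREFIX}/etc/motd.suz|' \
		${WRKSRC}/ilogin.1
	# Binary locations referenced from the shipped configuration files.
	@${REINPLACE_CMD} -e 's|/usr/sbin/ilogin|${PREFIX}/sbin/ilogin|' \
		-e 's|/usr/bin/ls|/bin/ls|' \
		${WRKSRC}/miscs/sud.conf ${WRKSRC}/miscs/sud.conf.sample
	# Same substitution as the submitted pre-patch target, with the
	# output redirected to WRKDIR through PKGMESSAGE.
	@${SED} -e 's|PREFIX|${PREFIX}|g' \
		${FILESDIR}/pkg-message.in > ${PKGMESSAGE}
```

With this in place the generated patch-ilogin.1 and patch-sud.1 files, and the static patches that only change paths, are no longer needed.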

State-Changed-From-To: open->feedback 
State-Changed-By: sem 
State-Changed-When: Sun Feb 13 15:34:09 GMT 2005 
State-Changed-Why:  
Wait for feedback 

State-Changed-From-To: feedback->closed 
State-Changed-By: sem 
State-Changed-When: Fri Feb 25 21:15:48 GMT 2005 
State-Changed-Why:  
The port is insufficient (writes to its directory) 
Feedback timeout. 

>Unformatted:
