diff options
author | sobomax <sobomax@FreeBSD.org> | 2012-12-12 10:08:33 +0800 |
---|---|---|
committer | sobomax <sobomax@FreeBSD.org> | 2012-12-12 10:08:33 +0800 |
commit | d54972a7020d8a69ac6fe2aac5cd783432302ec0 (patch) | |
tree | 9cf39a2f03d3cd327f0806a93c4a08ee93aafbb7 | |
parent | 0c6e90eec0eaaad96fcd70fba7fe8f7dd12d485c (diff) | |
download | freebsd-ports-gnome-d54972a7020d8a69ac6fe2aac5cd783432302ec0.tar.gz freebsd-ports-gnome-d54972a7020d8a69ac6fe2aac5cd783432302ec0.tar.zst freebsd-ports-gnome-d54972a7020d8a69ac6fe2aac5cd783432302ec0.zip |
Add unprivileged user to run under, so it's more secure.
Reminded by: Olle E. Johansson
-rw-r--r-- | net/rtpproxy/Makefile | 4 | ||||
-rw-r--r-- | net/rtpproxy/files/patch-freebsd_rtpproxy.in | 17 | ||||
-rw-r--r-- | net/rtpproxy/pkg-install | 35 |
3 files changed, 56 insertions, 0 deletions
diff --git a/net/rtpproxy/Makefile b/net/rtpproxy/Makefile index 1eff737b8214..1c16c3908bac 100644 --- a/net/rtpproxy/Makefile +++ b/net/rtpproxy/Makefile @@ -7,6 +7,7 @@ PORTNAME= rtpproxy PORTVERSION= 1.2.1 +PORTREVISION= 1 CATEGORIES= net MASTER_SITES= http://www.rtpproxy.org/chrome/site/ @@ -25,6 +26,9 @@ post-build: ${SED} 's|%%PREFIX%%|${PREFIX}|g ; s|%%RC_SUBR%%|/etc/rc.subr|g' \ ${WRKSRC}/freebsd/rtpproxy.in > ${WRKDIR}/rtpproxy +pre-install: + @PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL + post-install: ${INSTALL_SCRIPT} ${WRKDIR}/rtpproxy ${PREFIX}/etc/rc.d/rtpproxy diff --git a/net/rtpproxy/files/patch-freebsd_rtpproxy.in b/net/rtpproxy/files/patch-freebsd_rtpproxy.in new file mode 100644 index 000000000000..c315780927bf --- /dev/null +++ b/net/rtpproxy/files/patch-freebsd_rtpproxy.in @@ -0,0 +1,17 @@ + +$FreeBSD$ + +--- freebsd/rtpproxy.in.orig ++++ freebsd/rtpproxy.in +@@ -25,7 +25,10 @@ + + rtpproxy_enable=${rtpproxy_enable:-"NO"} + rtpproxy_laddr=${rtpproxy_laddr:-"0.0.0.0"} ++rtpproxy_usr=${rtpproxy_usr:-"rtpproxy"} ++rtpproxy_grp=${rtpproxy_grp:-"rtpproxy"} + +-command_args="-l ${rtpproxy_laddr} -p /var/run/rtpproxy.pid" ++command_args="-l ${rtpproxy_laddr} -p /var/run/rtpproxy.pid \ ++ -u ${rtpproxy_usr}:${rtpproxy_grp}" + + run_rc_command "${1}" diff --git a/net/rtpproxy/pkg-install b/net/rtpproxy/pkg-install new file mode 100644 index 000000000000..58954e7a3963 --- /dev/null +++ b/net/rtpproxy/pkg-install @@ -0,0 +1,35 @@ +#!/bin/sh +# $FreeBSD$ +# + +if [ "$2" != "PRE-INSTALL" ]; then + exit 0 +fi + +RTPPROXY_USER=rtpproxy +RTPPROXY_GROUP=${RTPPROXY_USER} +RTPPROXY_UID=222 +RTPPROXY_GID=${RTPPROXY_UID} + +if ! pw groupshow "${RTPPROXY_GROUP}" 2>/dev/null 1>&2; then + if pw groupadd ${RTPPROXY_GROUP} -g ${RTPPROXY_GID}; then + echo "Added group \"${RTPPROXY_GROUP}\"." + else + echo "Adding group \"${RTPPROXY_GROUP}\" failed..." + exit 1 + fi +fi + +if ! pw usershow "${RTPPROXY_USER}" 2>/dev/null 1>&2; then + if pw useradd ${RTPPROXY_USER} -u ${RTPPROXY_UID} -g ${RTPPROXY_GROUP} -h - \ + -s "/sbin/nologin" -d "/nonexistent" \ + -c "RTP Proxy"; \ + then + echo "Added user \"${RTPPROXY_USER}\"." + else + echo "Adding user \"${RTPPROXY_USER}\" failed..." + exit 1 + fi +fi + +exit 0 |