On FreeBSD, it's possible to allow plain users to mount filesystems

without using su or sudo. This is enabled via vfs.usermount sysctl.
However, if file name conversion is used when mounting a filesystem,
in most cases mount will fail with `mount_XXX: XXX_iconv: Operation
not permitted denied' error. This is caused by the fact that character
set conversion tables need to be loaded into kernel, but, apart
from mounting, that's not allowed to plain users, because charset
tables are large enough to initiate a denial of service by filling
kernel memory with many tables.

This utility allows you to load only specific charset tables into
kernel, so usermounts with file name conversions won't fail and in
the same time it's not possible to bring the system down by filling
kernel memory.

WWW: http://wiki.freebsd.org/DmitryMarakasov/kiconvtool

Approved by:	miwi (mentor)

4 files changed, 53 insertions, 0 deletions

diff --git a/sysutils/Makefile b/sysutils/Makefile
index f671a40b05c6..de704925edc0 100644
--- a/sysutils/Makefile
+++ b/sysutils/Makefile
@@ -354,6 +354,7 @@
     SUBDIR += kdirstat
     SUBDIR += keep
     SUBDIR += kgtk
+    SUBDIR += kiconvtool
     SUBDIR += kkbswitch
     SUBDIR += kkeyled
     SUBDIR += klaptopdaemon
diff --git a/sysutils/kiconvtool/Makefile b/sysutils/kiconvtool/Makefile
new file mode 100644
index 000000000000..565c89b617ab
--- /dev/null
+++ b/sysutils/kiconvtool/Makefile
@@ -0,0 +1,33 @@
+# New ports collection makefile for:	kiconvtool
+# Date created:		25 Jun 2008
+# Whom:			Dmitry Marakasov <amdmi3@FreeBSD.org>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	kiconvtool
+PORTVERSION=	0.90
+CATEGORIES=	sysutils
+MASTER_SITES=	http://www.amdmi3.ru/distfiles/ \
+		${MASTER_SITE_LOCAL}
+MASTER_SITE_SUBDIR=	amdmi3
+
+MAINTAINER=	amdmi3@FreeBSD.org
+COMMENT=	Tool to preload kernel iconv charset tables
+
+PLIST_FILES=	sbin/kiconvtool etc/rc.d/kiconv
+
+PORTDOCS=	*
+
+post-patch:
+	@${REINPLACE_CMD} -e 's|/usr/local|${PREFIX}|' ${WRKSRC}/kiconv.sh
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKSRC}/kiconvtool ${PREFIX}/sbin
+	${INSTALL_SCRIPT} ${WRKSRC}/kiconv.sh ${PREFIX}/etc/rc.d/kiconv
+.if !defined(NOPORTDOCS)
+	${MKDIR} ${DOCSDIR}
+	${INSTALL_DATA} ${WRKSRC}/README ${DOCSDIR}/
+.endif
+
+.include <bsd.port.mk>
diff --git a/sysutils/kiconvtool/distinfo b/sysutils/kiconvtool/distinfo
new file mode 100644
index 000000000000..60dc0a677698
--- /dev/null
+++ b/sysutils/kiconvtool/distinfo
@@ -0,0 +1,3 @@
+MD5 (kiconvtool-0.90.tar.gz) = ee04241f876cf888967b9c029de1ef89
+SHA256 (kiconvtool-0.90.tar.gz) = 571be8a94580ef7e0e97b7b398252bdbc8a2fb3d370bad79805fa54c5b4fca8b
+SIZE (kiconvtool-0.90.tar.gz) = 4784
diff --git a/sysutils/kiconvtool/pkg-descr b/sysutils/kiconvtool/pkg-descr
new file mode 100644
index 000000000000..09decdc27580
--- /dev/null
+++ b/sysutils/kiconvtool/pkg-descr
@@ -0,0 +1,16 @@
+On FreeBSD, it's possible to allow plain users to mount filesystems
+without using su or sudo. This is enabled via vfs.usermount sysctl.
+However, if file name conversion is used when mounting a filesystem,
+in most cases mount will fail with `mount_XXX: XXX_iconv: Operation
+not permitted denied' error. This is caused by the fact that character
+set conversion tables need to be loaded into kernel, but, apart
+from mounting, that's not allowed to plain users, because charset
+tables are large enough to initiate a denial of service by filling
+kernel memory with many tables.
+
+This utility allows you to load only specific charset tables into
+kernel, so usermounts with file name conversions won't fail and in
+the same time it's not possible to bring the system down by filling
+kernel memory.
+
+WWW: http://wiki.freebsd.org/DmitryMarakasov/kiconvtool