ports/153115: [maintainer] [patch] shells/scponly Note security concern, cleanups

Rob Farmer rfarmer at predatorlabs.net
Mon Dec 13 04:00:23 UTC 2010


>Number:         153115
>Category:       ports
>Synopsis:       [maintainer] [patch] shells/scponly Note security concern, cleanups
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Dec 13 04:00:19 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Rob Farmer
>Release:        9.0-CURRENT
>Organization:
>Environment:
FreeBSD topaz.predatorlabs.net 9.0-CURRENT FreeBSD 9.0-CURRENT #0 r216392: Sun Dec 12 03:46:58 PST 2010     rfarmer at topaz.predatorlabs.net:/usr/obj/usr/src/sys/TOPAZ  amd64
>Description:
Most important:
-Patch SECURITY doc to include note about bypassing rsync argument checking with popt (from upstream) and tell people to read it

And some minor cleanup:
-Drop long comment describing knobs - it just duplicates OPTIONS
-For SCPONLY_DEFAULT_CHDIR, print a note about setting it. I'm not sure if post-patch is the best place for this, though?
-Drop dead site and just use Sourceforge
-Use the PORTDOCS variable
-Install some useful docs and drop useless one (TODO)
-Drop pre-everything message about defaults changing; that was 5 years ago
-LOCALBASE vs. PREFIX correction
-Add post-install messages to the plist so package users see them too

>How-To-Repeat:

>Fix:


Patch attached with submission follows:

Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/shells/scponly/Makefile,v
retrieving revision 1.35
diff -u -r1.35 Makefile
--- Makefile	7 Dec 2010 21:46:51 -0000	1.35
+++ Makefile	12 Dec 2010 16:51:17 -0000
@@ -5,76 +5,11 @@
 # $FreeBSD: ports/shells/scponly/Makefile,v 1.35 2010/12/07 21:46:51 ohauer Exp $
 #
 
-# There are many knobs to tune scponly towards your specific wishes
-# and preferences.
-# You can activate a knob by typing something like
-# "make -DKNOB" or "make KNOB=yes" instead of just "make"
-#
-# A description of the several possibilities is available here:
-#
-#
-# Core funcionality:
-#
-# SCPONLY_DEFAULT_CHDIR=DIR
-# default: undefined
-# example: public_html
-# define if you want to make users `cd' to this directory after authentication
-#
-# WITHOUT_SCPONLY_WILDCARDS
-# default: undefined
-# define if you want to disable wildcard processing.
-#
-# WITHOUT_SCPONLY_GFTP
-# default: undefined
-# define if you want to disable gftp compatibility.
-#
-# WITH_SCPONLY_CHROOT
-# default: undefined
-# define if you want to use chroot functionality (set UID to root).
-#
-# WITH_SCPONLY_RSYNC
-# default: undefined
-# define if you want to enable rsync compatibility.
-#
-# WITH_SCPONLY_SCP
-# default: undefined
-# define if you want to enable vanilla scp compatibility.
-#
-# WITH_SCPONLY_SFTP_LOGGING
-# default: undefined
-# define if you want to enable sftp logging compatibility.
-#
-# WITH_SCPONLY_SVN
-# default: undefined
-# define if you want to enable subversion compatibility.
-#
-# WITH_SCPONLY_SVNSERVE
-# default: undefined
-# define if you want to enable subversion compatibility with svn+ssh://
-#
-# WITH_SCPONLY_UNISON
-# default: undefined
-# define if you want to enable unison compatibility.
-#
-# WITH_SCPONLY_WINSCP
-# default: undefined
-# define if you want to enable WinSCP compatibility.
-#
-#
-# Additional knobs:
-#
-# NOPORTDOCS
-# default: undefined
-# This knob prevents the ports system from installing additional
-# documentation. If you define this, only the manpage is going
-# to be installed.
-
 PORTNAME=	scponly
 PORTVERSION=	4.8
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	shells security
-MASTER_SITES=	http://www.sublimation.org/scponly/ \
-		SF/${PORTNAME}/${PORTNAME}/${PORTNAME}-${PORTVERSION}
+MASTER_SITES=	SF/${PORTNAME}/${PORTNAME}/${PORTNAME}-${PORTVERSION}
 EXTRACT_SUFX=	.tgz
 
 MAINTAINER=	rfarmer at predatorlabs.net
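Review bot: The removed comment block at the top of the Makefile was the only place that recorded the default (undefined) and an example value (public_html) for SCPONLY_DEFAULT_CHDIR. The new post-patch message itself describes this knob as separate from the OPTIONS dialog. Keep a short comment for that one knob, or carry the example value into the new message, so the port still says what kind of value is expected. The rest of the block does duplicate OPTIONS and can go.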
@@ -82,6 +17,8 @@
 
 MAN8=		scponly.8
 
+PORTDOCS=	BUILDING-JAILS.TXT INSTALL README SECURITY
+
 GNU_CONFIGURE=	yes
 
 OPTIONS=	SCPONLY_WILDCARDS "wildcards processing" on \
@@ -153,14 +90,10 @@
 CONFIGURE_ARGS+=--enable-winscp-compat
 .endif
 
-pre-everything::
-	@${ECHO_MSG} "From scponly 4.2, scp & WinSCP compatibilities are not"
-	@${ECHO_MSG} "enabled by default.  To enable those compatibilities,"
-	@${ECHO_MSG} "define WITH_SCPONLY_SCP and/or WITH_SCPONLY_WINSCP,"
-	@${ECHO_MSG} "respectively."
-	@${ECHO_MSG} ""
-	@${ECHO_MSG} "You can enable chroot functionality by defining WITH_SCPONLY_CHROOT."
-	@${ECHO_MSG} ""
+post-patch:
+	@${ECHO_MSG} "In addition to knobs available from the OPTIONS dialog,"
+	@${ECHO_MSG} "you may set SCPONLY_DEFAULT_CHDIR to make users 'cd' to"
+	@${ECHO_MSG} "this directory after authentication."
 
 post-install:
 	@${ECHO_MSG} "Updating /etc/shells"
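Review bot: The SCPONLY_DEFAULT_CHDIR note in the new post-patch target prints on every build, including builds where the variable is already set, and it appears after the patch step rather than before any work starts as the removed pre-everything:: message did. Wrap the three ECHO_MSG lines in a check that SCPONLY_DEFAULT_CHDIR is not defined, and consider keeping them under pre-everything:: so the user sees the note while there is still a natural point to stop and set it. The removed message about WITH_SCPONLY_CHROOT is covered by OPTIONS, so dropping it is fine.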
@@ -180,14 +113,19 @@
 	@${ECHO_MSG} "To setup chroot cage, run the following commands:"
 	@${ECHO_MSG} "  1) cd ${EXAMPLESDIR}/ && ${SH} setup_chroot.sh"
 	@${ECHO_MSG} "  2) Set scponlyc_enable=\"YES\" in /etc/rc.conf"
-	@${ECHO_MSG} "  3) Run ${LOCALBASE}/etc/rc.d/scponly start"
+	@${ECHO_MSG} "  3) Run ${PREFIX}/etc/rc.d/scponly start"
 	@${ECHO_MSG} ""
 .endif
 .if !defined(NOPORTDOCS)
 	@${MKDIR} ${DOCSDIR}
-.for i in README INSTALL TODO
+.for i in ${PORTDOCS}
 	@${INSTALL_DATA} ${WRKSRC}/$i ${DOCSDIR}
 .endfor
+	@${ECHO_MSG} ""
+	@${ECHO_MSG} "For information on several potential security concerns,"
+	@${ECHO_MSG} "please read:"
+	@${ECHO_MSG} "${DOCSDIR}/SECURITY"
+	@${ECHO_MSG} ""
 .endif
 
 .include <bsd.port.post.mk>
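Review bot: The pointer to ${DOCSDIR}/SECURITY sits inside the .if !defined(NOPORTDOCS) block, so anyone building with NOPORTDOCS gets neither the file nor any hint that a security note exists. Since the stated main purpose of this change is to make people read the rsync/popt warning, print a short message in the NOPORTDOCS case as well (for example, naming the SECURITY file in the distribution), or print a one-line warning whenever rsync compatibility is enabled regardless of docs. The LOCALBASE to PREFIX change in step 3 looks correct for a path the port itself installs.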
Index: pkg-plist
===================================================================
RCS file: /home/ncvs/ports/shells/scponly/pkg-plist,v
retrieving revision 1.5
diff -u -r1.5 pkg-plist
--- pkg-plist	20 Mar 2004 09:54:29 -0000	1.5
+++ pkg-plist	12 Dec 2010 16:42:50 -0000
@@ -1,15 +1,20 @@
 bin/scponly
 @exec echo "Updating /etc/shells"; cp /etc/shells /etc/shells.bak; (grep -v %D/%F /etc/shells.bak; echo %D/%F) >/etc/shells; rm -f /etc/shells.bak
 @unexec echo "Updating /etc/shells"; cp /etc/shells /etc/shells.bak; (grep -v %D/%F /etc/shells.bak) >/etc/shells; rm -f /etc/shells.bak
+%%SCPONLY_CHROOT%%@exec echo ""
+%%SCPONLY_CHROOT%%@exec echo "To setup chroot cage, run the following commands:"
+%%SCPONLY_CHROOT%%@exec echo "  1) cd %%PREFIX%%/%%EXAMPLESDIR%%/ && /bin/sh setup_chroot.sh"
+%%SCPONLY_CHROOT%%@exec echo "  2) Set scponlyc_enable=\"YES\" in /etc/rc.conf"
+%%SCPONLY_CHROOT%%@exec echo "  3) Run %%PREFIX%%/etc/rc.d/scponly start"
+%%PORTDOCS%%@exec echo ""
+%%PORTDOCS%%@exec echo "For information on several potential security concerns,"
+%%PORTDOCS%%@exec echo "please read:"
+%%PORTDOCS%%@exec echo "%%PREFIX%%/%%DOCSDIR%%/SECURITY"
 %%SCPONLY_CHROOT%%sbin/scponlyc
 %%SCPONLY_CHROOT%%@exec cp /etc/shells /etc/shells.bak; (grep -v %D/%F /etc/shells.bak; echo %D/%F) >/etc/shells; rm -f /etc/shells.bak
 %%SCPONLY_CHROOT%%@unexec cp /etc/shells /etc/shells.bak; (grep -v %D/%F /etc/shells.bak) >/etc/shells; rm -f /etc/shells.bak
 %%SCPONLY_CHROOT%%%%EXAMPLESDIR%%/setup_chroot.sh
 %%SCPONLY_CHROOT%%%%EXAMPLESDIR%%/config.h
 etc/scponly/debuglevel
-%%PORTDOCS%%%%DOCSDIR%%/README
-%%PORTDOCS%%%%DOCSDIR%%/INSTALL
-%%PORTDOCS%%%%DOCSDIR%%/TODO
 @dirrm etc/scponly
-%%PORTDOCS%%@dirrm %%DOCSDIR%%
 %%SCPONLY_CHROOT%%@dirrm %%EXAMPLESDIR%%
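Review bot: The added @exec echo lines build paths with %%PREFIX%%/%%EXAMPLESDIR%% and %%PREFIX%%/%%DOCSDIR%%, while the existing @exec lines in this file use %D for the prefix; use %D in the new lines too so they resolve the same way as the /etc/shells handling. The messages are also placed near the top of the list, ahead of the sbin/scponlyc and setup_chroot.sh entries they refer to, so they print before those files are in place and can scroll away; moving the block to the end of the plist makes it the last thing a package user sees. The chroot instructions now exist in both the Makefile and pkg-plist, so a comment in one pointing at the other would help keep the two copies in step.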
Index: files/patch-SECURITY
===================================================================
RCS file: files/patch-SECURITY
diff -N files/patch-SECURITY
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ files/patch-SECURITY	12 Dec 2010 16:26:47 -0000
@@ -0,0 +1,32 @@
+--- SECURITY.orig	2010-12-10 15:03:24.950162769 -0800
++++ SECURITY	2010-12-10 15:03:31.669374009 -0800
+@@ -28,6 +28,10 @@
+ 
+ 	  svn, svnserve, rsync, and unison
+ 
++	  Note specifically that rsync uses popt for parsing command line arguments
++	  and popt explicitly checks /etc/popt and $HOME/.popt for aliases. Thus,
++	  users can likely bypass argument checking for rsync.
++
+ 4) Make sure that all files required for the chroot have the IMMUTABLE and
+    UNDELETABLE bits set.  Other bits might also be prudent. See: man 1 chattr.
+ 
+@@ -39,13 +43,16 @@
+    ~/.ssh, ~/.unison, ~/.subversion
+ 
+    NOTE: depending on file permissions in the above, ssh, unison, and
+-   subversion may not work correctly.
++   subversion may not work correctly.  Also note that the location of the
++   above directories is sometimes system dependent, so please check the
++   documentation specific to your system.
+ 
+ 7) Make sure that every directory the users have write permissions to are
+    on a filesystem that is mounted NODEV, NOEXEC.  Eg. Make sure that they
+    cannot execute files that they have permissions to upload.  They should
+    also not need permissions to create any devices.  If the user can't execute
+-   any files that he has access to upload, then you need not worry about the
++   any files that he has access to upload and the executable files on the
++   system are not considered harmful, then you need not worry about the
+    security problems referencing svn/svnserve above!
+ 
+ 8) Monitor your logs!  If you start to see something funny, odd, or strange in
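Review bot: The new rsync paragraph says popt reads /etc/popt and $HOME/.popt, but the list of per-user paths in the second inner hunk (~/.ssh, ~/.unison, ~/.subversion) is left unchanged. If that list is the set of locations the administrator is told to protect from the user, $HOME/.popt belongs in it, and the rsync note should say so rather than stopping at "users can likely bypass argument checking for rsync". As written the reader learns of the problem but not what to do about it; one sentence naming the file to lock down, or recommending that rsync compatibility stay disabled where that is not possible, would close the gap.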


>Release-Note:
>Audit-Trail:
>Unformatted:


