ports/151456: www/shellinabox: add option to allow core dumps

Eric F Crist ecrist at secure-computing.net
Thu Oct 14 16:50:10 UTC 2010 

>Number:         151456
>Category:       ports
>Synopsis:       www/shellinabox: add option to allow core dumps
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Oct 14 16:50:09 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Eric F Crist
>Release:        FreeBSD 9.0-CURRENT amd64
>Organization:
Secure Computing Networks & ClaimLynx, Inc
>Environment:
System: FreeBSD cartman.secure-computing.net 9.0-CURRENT FreeBSD 9.0-CURRENT #2: Mon Apr 12 12:46:23 CDT 2010 root at cartman.secure-computing.net:/usr/obj/usr/src/sys/GENERIC amd64

>Description:
	This patch allows for an option which adds the ability to create core dumps.  There is an inherent security
	risk when doing so, as potentially private information (passwords, etc) could be included in the core file.
	
>How-To-Repeat:
>Fix:

--- siab.diff begins here ---
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/www/shellinabox/Makefile,v
retrieving revision 1.4
diff -u -r1.4 Makefile
--- Makefile	13 Oct 2010 12:50:07 -0000	1.4
+++ Makefile	14 Oct 2010 16:30:28 -0000
@@ -7,7 +7,7 @@
 
 PORTNAME=	shellinabox
 PORTVERSION=	2.10
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	www
 MASTER_SITES=	GOOGLE_CODE
 
@@ -36,6 +36,13 @@
 SUB_FILES=	pkg-deinstall
 SUB_LIST=	USERS=${USERS} GROUPS=${GROUPS}
 
+OPTIONS=	ENABLE_CORES|   "Patch shellinaboxd to enable core dumps." off \
+
+.include <bsd.port.options.mk>
+.if defined(WITH_ENABLE_CORES)
+EXTRA_PATCHES=	${PATCHDIR}/enable-cores.patch
+.endif
+
 do-install:
 	${INSTALL_PROGRAM} ${WRKSRC}/shellinaboxd ${PREFIX}/bin/
 .if !defined(NOPORTDOCS)
--- siab.diff ends here ---

--- enable-cores.patch begins here ---
--- shellinabox/shellinaboxd.c.orig	2009-11-18 10:55:52.000000000 -0600
+++ shellinabox/shellinaboxd.c	2010-10-14 08:31:16.000000000 -0500
@@ -1178,10 +1178,10 @@
 int main(int argc, char * const argv[]) {
 #ifdef HAVE_SYS_PRCTL_H
   // Disable core files
-  prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
+  // prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
 #endif
   struct rlimit rl = { 0 };
-  setrlimit(RLIMIT_CORE, &rl);
+  // setrlimit(RLIMIT_CORE, &rl);
   removeLimits();
 
   // Parse command line arguments
--- enable-cores.patch ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list