ports/151456: www/shellinabox: add option to allow core dumps
Eric F Crist
ecrist at secure-computing.net
Thu Oct 14 16:50:10 UTC 2010
>Number: 151456
>Category: ports
>Synopsis: www/shellinabox: add option to allow core dumps
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Thu Oct 14 16:50:09 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Eric F Crist
>Release: FreeBSD 9.0-CURRENT amd64
>Organization:
Secure Computing Networks & ClaimLynx, Inc
>Environment:
System: FreeBSD cartman.secure-computing.net 9.0-CURRENT FreeBSD 9.0-CURRENT #2: Mon Apr 12 12:46:23 CDT 2010 root at cartman.secure-computing.net:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
This patch allows for an option which adds the ability to create core dumps. There is an inherent security
risk when doing so, as potentially private information (passwords, etc.) could be included in the core file.
>How-To-Repeat:
>Fix:
--- siab.diff begins here ---
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/www/shellinabox/Makefile,v
retrieving revision 1.4
diff -u -r1.4 Makefile
--- Makefile 13 Oct 2010 12:50:07 -0000 1.4
+++ Makefile 14 Oct 2010 16:30:28 -0000
@@ -7,7 +7,7 @@
PORTNAME= shellinabox
PORTVERSION= 2.10
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= www
MASTER_SITES= GOOGLE_CODE
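Review bot: the PORTREVISION bump from 2 to 3 looks unnecessary, because the new ENABLE_CORES option is declared "off" by default and a default build therefore gets the same binary as before. Bumping forces every installed copy to be rebuilt for no change; consider leaving PORTREVISION at 2 unless something else in the default build changes.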
@@ -36,6 +36,13 @@
SUB_FILES= pkg-deinstall
SUB_LIST= USERS=${USERS} GROUPS=${GROUPS}
+OPTIONS= ENABLE_CORES| "Patch shellinaboxd to enable core dumps." off \
+
+.include <bsd.port.options.mk>
+.if defined(WITH_ENABLE_CORES)
+EXTRA_PATCHES= ${PATCHDIR}/enable-cores.patch
+.endif
+
do-install:
${INSTALL_PROGRAM} ${WRKSRC}/shellinaboxd ${PREFIX}/bin/
.if !defined(NOPORTDOCS)
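Review bot: the OPTIONS line has a stray "|" after ENABLE_CORES and ends in a backslash that continues onto an empty line. As written, the option name does not match the WITH_ENABLE_CORES test a few lines below, so the extra patch may never be selected. Suggest `OPTIONS= ENABLE_CORES "Patch shellinaboxd to enable core dumps" off` with no trailing backslash. Since the PR description itself calls out that passwords could end up in the core file, the option description shown to the user should say so as well, for example "Enable core dumps (may expose passwords)". Ports conventionally name optional patches extra-patch-* under the files directory; enable-cores.patch works with EXTRA_PATCHES but does not follow that naming.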
--- siab.diff ends here ---
--- enable-cores.patch begins here ---
--- shellinabox/shellinaboxd.c.orig 2009-11-18 10:55:52.000000000 -0600
+++ shellinabox/shellinaboxd.c 2010-10-14 08:31:16.000000000 -0500
@@ -1178,10 +1178,10 @@
int main(int argc, char * const argv[]) {
#ifdef HAVE_SYS_PRCTL_H
// Disable core files
- prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
+ // prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
#endif
struct rlimit rl = { 0 };
- setrlimit(RLIMIT_CORE, &rl);
+ // setrlimit(RLIMIT_CORE, &rl);
removeLimits();
// Parse command line arguments
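Review bot: commenting out the setrlimit() call leaves `struct rlimit rl = { 0 };` declared but unused, and the `// Disable core files` comment above the prctl() call now describes code that no longer runs. Delete the two calls and the variable outright rather than commenting them out, or wrap the whole block in a compile-time guard so the same source builds both ways. Note that the prctl() line sits inside `#ifdef HAVE_SYS_PRCTL_H`, so wherever that macro is not defined the setrlimit() line is the only one that changes behaviour. The body of removeLimits() is not visible in this hunk; check whether it touches RLIMIT_CORE, because with the explicit zero limit gone the core size limit is whatever the process inherits or that function sets. Given the risk stated in the PR description, the port should also tell the user at install time that core files from this daemon may contain credentials and should be written somewhere only root can read.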
--- enable-cores.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: