[Bug 199314] net/haproxy: create haproxy user, install sample config
bugzilla-noreply at freebsd.org
Thu Apr 9 15:20:51 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199314
Bug ID: 199314
Summary: net/haproxy: create haproxy user, install sample config
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: demon at FreeBSD.org
Reporter: feld at FreeBSD.org
Flags: maintainer-feedback?(demon at FreeBSD.org)
Created attachment 155368
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=155368&action=edit
haproxy port patch

Hello,

This patch installs a sample config from the EXAMPLES dir already modified to
use a new haproxy uid and gid. It also has chroot enabled to the /var/empty
directory which should be sufficient.

This should help alleviate damage from a future haproxy exploit as haproxy
would not be running as root.

Unfortunately we cannot just force haproxy to always run as root via the rc
script as haproxy may need to listen on reserved ports (<1024) to proxy 80,
443, etc.

It would be wise to encourage users in pkg-message to update their
configurations to use the haproxy user, but I have not composed such a message.

--
You are receiving this mail because:
You are the assignee for the bug.
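
One way to check that a configuration carries the settings the report describes (haproxy user and group, chroot), as an added example that is not part of the bug report or the attached patch. The function name `audit_haproxy_cfg` and both sample configurations are constructed for illustration; `user`/`uid`, `group`/`gid` and `chroot` are the haproxy global-section keywords it looks for.

```sh
#!/bin/sh
# Added example (not from the bug report or the port): audit the "global"
# section of an haproxy configuration read from stdin or from a file argument.
# Simplification (assumption): "#" always starts a comment; quoted "#" is not handled.
audit_haproxy_cfg() {
    awk '
        { sub(/#.*/, "") }                       # drop comments, fields are re-split
        NF == 0 { next }                         # skip blank lines
        $1 == "global" { in_global = 1; next }
        $1 ~ /^(defaults|frontend|backend|listen|userlist|peers|resolvers|mailers)$/ {
            in_global = 0; next                  # any other section ends "global"
        }
        !in_global { next }
        $1 == "user"  || $1 == "uid" { user = $2 }
        $1 == "group" || $1 == "gid" { group = $2 }
        $1 == "chroot"               { jail = $2 }
        END {
            bad = 0
            if (user == "" || user == "root" || user == "0") {
                print "FAIL: global section does not switch to an unprivileged user"; bad = 1
            }
            if (group == "" || group == "wheel" || group == "root" || group == "0") {
                print "FAIL: global section does not switch to an unprivileged group"; bad = 1
            }
            if (jail == "") { print "FAIL: global section sets no chroot"; bad = 1 }
            if (!bad) print "OK: user=" user " group=" group " chroot=" jail
            exit bad
        }
    ' "$@"
}

# Constructed sample: the settings the report describes (haproxy uid/gid, chroot to /var/empty).
hardened_cfg='global
    daemon
    user haproxy      # haproxy switches to this account after startup
    group haproxy
    chroot /var/empty
frontend www
    bind :80
'
# Constructed sample: no active user, group or chroot line, so the process stays root.
root_cfg='global
    daemon
    # user haproxy
frontend www
    bind :80
'
printf '%s' "$hardened_cfg" | audit_haproxy_cfg
printf '%s' "$root_cfg" | audit_haproxy_cfg || echo "root_cfg needs user, group and chroot lines"
```

The function exits non-zero when any of the three settings is missing or points at root, so it can gate a deployment step or a periodic configuration check.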