ports/181495: [patch] security/gnupg add option for setuid install
Matthew Luckie
mjl at luckie.org.nz
Sat Aug 24 00:40:02 UTC 2013
>Number: 181495
>Category: ports
>Synopsis: [patch] security/gnupg add option for setuid install
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sat Aug 24 00:40:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Matthew Luckie
>Release: FreeBSD 9.1-RELEASE-p4 i386
>Organization:
>Environment:
System: FreeBSD sorcerer.caida.org 9.1-RELEASE-p4 FreeBSD 9.1-RELEASE-p4 #0: Mon Jun 17 11:38:17 UTC 2013 root at amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
>Description:
The Makefile for gnupg allows the binary to be installed setuid root if
built with
make WITH_SUID_GPG=yes install
However, the option must be set every time gnupg is built.
>How-To-Repeat:
Build gnupg while forgetting the option.
>Fix:
The attached patch adds a dialog option to the port, so that the port can
remember what my preference is.
--- patch-gnupg begins here ---
diff -uNr gnupg.orig/Makefile gnupg/Makefile
--- gnupg.orig/Makefile 2013-08-19 06:29:42.000000000 -0700
+++ gnupg/Makefile 2013-08-23 17:06:01.000000000 -0700
@@ -29,7 +29,7 @@
USE_LDCONFIG= YES
CONFIGURE_ARGS+= --enable-symcryptrun
-OPTIONS_DEFINE= PINENTRY LDAP SCDAEMON CURL GPGSM KDNS STD_SOCKET NLS
+OPTIONS_DEFINE= PINENTRY LDAP SCDAEMON CURL GPGSM KDNS STD_SOCKET NLS SETUID
PINENTRY_DESC= Use pinentry
LDAP_DESC= LDAP keyserver interface
SCDAEMON_DESC= Enable Smartcard daemon (with libusb)
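Review bot: the option name added to OPTIONS_DEFINE, SETUID, does not say which binary is affected, while the knob it replaces further down is WITH_SUID_GPG. A name such as SUID_GPG would keep the link to the old knob visible and would be easier to recognise in the options dialog and in saved option files.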
@@ -37,6 +37,7 @@
GPGSM_DESC= Enable GPGSM (requires LDAP)
KDNS_DESC= Use DNS CERT helper
STD_SOCKET_DESC= Use standard socket for agent
+SETUID_DESC= Install gpg setuid root
OPTIONS_DEFAULT= CURL
NO_OPTIONS_SORT= YES
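Review bot: SETUID_DESC says "Install gpg setuid root", but the file that receives the bit in post-install is ${PREFIX}/bin/gpg2. The description should name gpg2 so that whoever ticks the box knows exactly which binary becomes setuid root. OPTIONS_DEFAULT= CURL is left alone, so the option stays off unless selected, which is the right default for a setuid install.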
@@ -121,7 +122,7 @@
post-install:
PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
-.if defined(WITH_SUID_GPG)
+.if ${PORT_OPTIONS:MSETUID}
${CHMOD} u+s ${PREFIX}/bin/gpg2
.endif
@${CAT} ${PKGMESSAGE}
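Review bot: the old test, .if defined(WITH_SUID_GPG), is replaced outright, so a build that still passes WITH_SUID_GPG=yes as shown in the description now installs gpg2 without the setuid bit and prints nothing to say so. Either accept both during a transition, for example .if ${PORT_OPTIONS:MSETUID} || defined(WITH_SUID_GPG), or announce the rename where existing users will see it. Since ${PKGMESSAGE} is printed right after the chmod, it is also a natural place to state that gpg2 was installed setuid root when the option is on.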
--- patch-gnupg ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: