svn commit: r432603 - in branches/2017Q1/www/uwsgi: . files
Mark Felder
feld at FreeBSD.org
Fri Jan 27 23:22:00 UTC 2017
Author: feld
Date: Fri Jan 27 23:21:58 2017
New Revision: 432603
URL: https://svnweb.freebsd.org/changeset/ports/432603
Log:
MFH: r432602
www/uwsgi: Change default socket mode to 600 for security
This change may be a disruptive for some users, but the default mode
of 777 is a disaster waiting to happen.
Approved by: ports-secteam (with hat)
Modified:
branches/2017Q1/www/uwsgi/Makefile
branches/2017Q1/www/uwsgi/files/uwsgi.in
Directory Properties:
branches/2017Q1/ (props changed)
Modified: branches/2017Q1/www/uwsgi/Makefile
==============================================================================
--- branches/2017Q1/www/uwsgi/Makefile Fri Jan 27 23:21:22 2017 (r432602)
+++ branches/2017Q1/www/uwsgi/Makefile Fri Jan 27 23:21:58 2017 (r432603)
@@ -3,6 +3,7 @@
PORTNAME= uwsgi
PORTVERSION= 2.0.14
+PORTREVISION= 1
CATEGORIES= www python
MASTER_SITES= http://projects.unbit.it/downloads/
Modified: branches/2017Q1/www/uwsgi/files/uwsgi.in
==============================================================================
--- branches/2017Q1/www/uwsgi/files/uwsgi.in Fri Jan 27 23:21:22 2017 (r432602)
+++ branches/2017Q1/www/uwsgi/files/uwsgi.in Fri Jan 27 23:21:58 2017 (r432603)
@@ -12,6 +12,8 @@
# Default is "NO".
# uwsgi_socket (path/str): Set the path to the uwsgi unix socket
# Default is /tmp/uwsgi.sock.
+# uwsgi_socket_mode (int): Set the mode of the socket.
+# Default is 600.
# uwsgi_logfile (path): Set the path to the uwsgi log file
# Default is /var/log/uwsgi.log.
# uwsgi_pidfile (path): Set the path to the uwsgi pid file
@@ -45,6 +47,7 @@ command=%%PREFIX%%/bin/uwsgi
: ${uwsgi_enable="NO"}
: ${uwsgi_profiles=""}
: ${uwsgi_socket="/tmp/${name}.sock"}
+: ${uwsgi_socket_mode="600"}
: ${uwsgi_logfile="/var/log/${name}.log"}
: ${uwsgi_pidfile="/var/run/${name}.pid"}
: ${uwsgi_uid="80"}
@@ -72,6 +75,7 @@ if [ -n "${uwsgi_profiles}" ]; then
exit 1
fi
eval uwsgi_socket=\${uwsgi_${profile}_socket:-"/tmp/${name}-${profile}.sock"}
+ eval uwsgi_socket_mode=\${uwsgi_${profile}_socket_mode:-"600"}
eval uwsgi_logfile=\${uwsgi_${profile}_logfile:-"/var/log/${name}-${profile}.log"}
eval uwsgi_pidfile=\${uwsgi_${profile}_pidfile:-"/var/run/${name}-${profile}.pid"}
eval uwsgi_uid=\${uwsgi_${profile}_uid:-"${uwsgi_uid}"}
@@ -88,7 +92,7 @@ if [ -n "${uwsgi_profiles}" ]; then
fi
command=%%PREFIX%%/bin/uwsgi
-command_args="--pidfile ${uwsgi_pidfile} -s ${uwsgi_socket} -d ${uwsgi_logfile} --uid ${uwsgi_uid} --gid ${uwsgi_gid}"
+command_args="--pidfile ${uwsgi_pidfile} -s ${uwsgi_socket} --chmod-socket=${uwsgi_socket_mode} -d ${uwsgi_logfile} --uid ${uwsgi_uid} --gid ${uwsgi_gid}"
pidfile=${uwsgi_pidfile}
stop_postcmd=stop_postcmd
reload_precmd=reload_precmd
More information about the svn-ports-branches
mailing list