Github messages for voidlinux
* [PR PATCH] dhcpcd: make privsep a build option and disable it
From: CameronNemo @ 2020-11-17  3:36 UTC
  To: ml

[-- Attachment #1: Type: text/plain, Size: 684 bytes --]

There is a new pull request by CameronNemo against master on the void-packages repository

https://github.com/CameronNemo/void-packages dhcpcd-privsep-option-2
https://github.com/void-linux/void-packages/pull/26451

dhcpcd: make privsep a build option and disable it
dhcpcd's privsep is seccomp based and thus shits the bed on a whim (e.g.
different CPU architectures or upstream libc changes).

Disable it by default, but leave the option around if somebody really
needs it (hint: they can probably just use the AppArmor profile).

@Skirmisher care to test if this fixes the fork bomb?

@sgn

A patch file from https://github.com/void-linux/void-packages/pull/26451.patch is attached

[-- Attachment #2: github-pr-dhcpcd-privsep-option-2-26451.patch --]
[-- Type: text/x-diff, Size: 1696 bytes --]

From 9349cd8f33f2dedfaa0099c40a743bc5e7cc76ca Mon Sep 17 00:00:00 2001
From: Cameron Nemo <cnemo@tutanota.com>
Date: Sat, 12 Sep 2020 11:38:57 -0700
Subject: [PATCH] dhcpcd: make privsep a build option and disable it

dhcpcd's privsep is seccomp based and thus shits the bed on a whim (e.g.
different CPU architectures or upstream libc changes).

Disable it by default, but leave the option around if somebody really
needs it (hint: they can probably just use the AppArmor profile).
---
 srcpkgs/dhcpcd/template | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/srcpkgs/dhcpcd/template b/srcpkgs/dhcpcd/template
index 34cab48e07b..ecc5dfd72df 100644
--- a/srcpkgs/dhcpcd/template
+++ b/srcpkgs/dhcpcd/template
@@ -1,10 +1,12 @@
 # Template file for 'dhcpcd'
 pkgname=dhcpcd
 version=9.3.2
-revision=1
+revision=2
 build_style=configure
 make_check_target=test
-configure_args="--prefix=/usr --sbindir=/usr/bin --sysconfdir=/etc --rundir=/run/dhcpcd --privsepuser=_dhcpcd"
+configure_args="
+ --prefix=/usr --sbindir=/usr/bin --sysconfdir=/etc --rundir=/run/dhcpcd
+ $(vopt_if privsep --privsepuser=_dhcpcd)"
 hostmakedepends="ntp pkg-config"
 makedepends="eudev-libudev-devel"
 short_desc="RFC2131 compliant DHCP client"
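Review bot: In the new configure_args, turning the option off only drops --privsepuser=_dhcpcd; nothing is passed that explicitly disables privilege separation, so whether the built daemon actually runs without privsep depends on the default chosen by dhcpcd's configure script on each platform. If configure has an enable/disable switch for privsep, pass it from the same option (for example with vopt_enable privsep next to the existing vopt_if) so that the package's behaviour matches the build option in both states. The commit message also leans on an AppArmor profile as the replacement confinement, but nothing in this hunk ties the package to one; a comment in the template saying what confines the daemon when privsep is off would help whoever next touches this.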
@@ -15,10 +17,13 @@ distfiles="https://roy.marples.name/downloads/dhcpcd/dhcpcd-${version}.tar.xz"
 checksum=6d49af5e766a2515e6366e4f669663df04ecdf90a1a60ddb1d7a2feb4b5d2566
 lib32disabled=yes
 conf_files=/etc/dhcpcd.conf
-# privsep
+
 system_accounts="_dhcpcd"
 _dhcpcd_homedir="/var/db/dhcpcd"
 
+build_options="privsep"
+desc_option_privsep="Enable privilege separation mode for the daemon"
+
 post_install() {
 	vsv dhcpcd
 	vsv dhcpcd-eth0
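Review bot: system_accounts="_dhcpcd" and _dhcpcd_homedir stay unconditional here, so the _dhcpcd account and its home directory are still created in the default build, where the privsep option is off and --privsepuser is no longer passed. Either guard both lines on the privsep option or keep a comment explaining why the account is retained; the removed "# privsep" line was the only hint at what the account is for. No default is set for the new build option in this hunk, so it is off unless a builder enables it, which matches the subject line; a short comment next to build_options="privsep" giving the reason (the seccomp filter failing across architectures and libc changes, per the commit message) would keep that decision visible in the template.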

Thread overview: 7+ messages
2020-11-17  3:36 [PR PATCH] dhcpcd: make privsep a build option and disable it CameronNemo
2020-11-17  3:59 ` [PR REVIEW] " ericonr
2020-11-17  4:18 ` Skirmisher
2020-11-17  4:20 ` Skirmisher
2020-11-17 11:11 ` [PR REVIEW] " q66
2020-11-17 11:34 ` [PR PATCH] [Merged]: " q66
2020-11-17 12:49 ` Duncaen
