From c26a08ebbe98f57cc818ba6e8bf8731f2289b36c Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Sat, 18 Sep 2021 13:42:00 +0200 Subject: [PATCH 01/58] hooks/post-install: add check setuid/setgid hook --- .../post-install/15-check-setuid-setgid.sh | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 common/hooks/post-install/15-check-setuid-setgid.sh diff --git a/common/hooks/post-install/15-check-setuid-setgid.sh b/common/hooks/post-install/15-check-setuid-setgid.sh new file mode 100644 index 000000000000..dae87c2b3d5c --- /dev/null +++ b/common/hooks/post-install/15-check-setuid-setgid.sh @@ -0,0 +1,26 @@ +dofind() { + error= + for setidfile in $(find "$PKGDESTDIR" -type f -perm -"$1"); do + matched= + for allowed_file in ${!2}; do + if [ "$PKGDESTDIR$allowed_file" = "$setidfile" ]; then + matched=y + break + fi + done + if [ -n "$matched" ]; then + echo "$2 file: ${setidfile#$PKGDESTDIR}" + else + msg_red "not allowed $2 file: ${setidfile#$PKGDESTDIR}\n" + error=y + fi + done + if [ -n "$error" ]; then + msg_error "$2 files not explicitly allowed, please list them in \$$2\n" + fi +} + +hook() { + dofind 4000 setuid + dofind 2000 setgid +} From 3c6258f0e87105ba15e200b19927d57b3ac9a8d0 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Fri, 24 Feb 2023 22:50:33 +0100 Subject: [PATCH 02/58] xlockmore: add $setuid --- srcpkgs/xlockmore/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/xlockmore/template b/srcpkgs/xlockmore/template index 2cee0181924d..c9b9b1b0764e 100644 --- a/srcpkgs/xlockmore/template +++ b/srcpkgs/xlockmore/template @@ -15,6 +15,7 @@ changelog="http://sillycycle.com/xlock/xlockmore.README" distfiles="http://sillycycle.com/xlock/xlockmore-${version}.tar.xz" checksum=0118b2d4b28303c335426cd6ca844b4776e4b71adb1d344f2ec087b57616c21a CFLAGS="-D_DEFAULT_SOURCE" +setuid="/usr/bin/xlock" build_options="opengl" desc_option_opengl="Enable OpenGL modes" 
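Review bot: The loop `for setidfile in $(find "$PKGDESTDIR" -type f -perm -"$1")` in `dofind` word-splits and glob-expands find's output, so a setuid or setgid file whose path contains whitespace is compared in fragments; the build still fails, but the reported name is a fragment rather than the real path. The script already needs bash for `${!2}`, so NUL-delimited reading avoids this: `while IFS= read -r -d '' setidfile; do` closed by `done < <(find "$PKGDESTDIR" -type f -perm -"$1" -print0)`. The check also runs in one direction only: an entry in `$setuid` or `$setgid` that no longer exists in the package, or no longer carries the bit, is never reported, so stale allowlist entries can accumulate; a warning when `[ -u "$PKGDESTDIR$allowed_file" ]` (or `-g` for setgid) is false would catch them. `error`, `matched`, `setidfile` and `allowed_file` should be declared `local` so they do not leak into the calling shell.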
From 57b5e78305bbf5a1ccc665916f9dde14d8d30660 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Wed, 22 Feb 2023 00:57:33 +0100 Subject: [PATCH 03/58] ecryptfs-utils: add $setuid and $setgid --- srcpkgs/ecryptfs-utils/template | 2 ++ 1 file changed, 2 insertions(+) diff --git a/srcpkgs/ecryptfs-utils/template b/srcpkgs/ecryptfs-utils/template index 6bdc07b97c32..d8faed1cd554 100644 --- a/srcpkgs/ecryptfs-utils/template +++ b/srcpkgs/ecryptfs-utils/template @@ -17,6 +17,8 @@ homepage="http://ecryptfs.org/" distfiles="http://launchpad.net/ecryptfs/trunk/${version}/+download/${pkgname}_${version}.orig.tar.gz" checksum=112cb3e37e81a1ecd8e39516725dec0ce55c5f3df6284e0f4cc0f118750a987f lib32disabled=yes +setuid="/usr/bin/mount.ecryptfs_private" +setgid="/usr/bin/mount.ecryptfs_private" CPPFLAGS="-D_FILE_OFFSET_BITS=64 -I${XBPS_CROSS_BASE}/usr/include/python2.7" From 53ed390cccafc4cf926f570cdd2b086bf57ecc6c Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Wed, 22 Feb 2023 00:57:28 +0100 Subject: [PATCH 04/58] cifs-utils: add $setuid and $setgid --- srcpkgs/cifs-utils/template | 2 ++ 1 file changed, 2 insertions(+) diff --git a/srcpkgs/cifs-utils/template b/srcpkgs/cifs-utils/template index 5576b371ca6a..331a0878b36d 100644 --- a/srcpkgs/cifs-utils/template +++ b/srcpkgs/cifs-utils/template @@ -14,6 +14,8 @@ homepage="https://wiki.samba.org/index.php/LinuxCIFS_utils" distfiles="https://ftp.samba.org/pub/linux-cifs/${pkgname}/${pkgname}-${version}.tar.bz2" checksum=a7b6940e93250c1676a6fa66b6ead91b78cd43a5fee99cc462459c8b9cf1e6f4 python_version=3 +setuid="/usr/bin/mount.cifs" +setgid="/usr/bin/mount.cifs" pre_configure() { autoreconf -fi From f0743b6e5ca5441391e25a20e2f46a65b2a46e9c Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Fri, 24 Feb 2023 22:35:19 +0100 Subject: [PATCH 05/58] mit-krb5: add $setuid --- srcpkgs/mit-krb5/template | 1 + 1 file changed, 1 insertion(+) 
diff --git a/srcpkgs/mit-krb5/template b/srcpkgs/mit-krb5/template index a67bae19764a..f354b5cbea67 100644 --- a/srcpkgs/mit-krb5/template +++ b/srcpkgs/mit-krb5/template @@ -13,6 +13,7 @@ license="MIT" homepage="http://web.mit.edu/kerberos" distfiles="${homepage}/dist/krb5/${version%.*}/krb5-${version}.tar.gz" checksum=e61783c292b5efd9afb45c555a80dd267ac67eebabca42185362bee6c4fbd719 +setuid="/usr/bin/ksu" post_patch() { vsed -e "/LDFLAGS=/d" -i src/build-tools/krb5-config.in From 84534840e6df4ce1d3592611ee81341379e6009c Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Fri, 24 Feb 2023 22:49:56 +0100 Subject: [PATCH 06/58] udevil: add $setuid --- srcpkgs/udevil/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/udevil/template b/srcpkgs/udevil/template index b560bdf7589f..263d0a652102 100644 --- a/srcpkgs/udevil/template +++ b/srcpkgs/udevil/template @@ -13,6 +13,7 @@ license="GPL-3.0-or-later" homepage="http://ignorantguru.github.io/udevil/" distfiles="https://github.com/IgnorantGuru/udevil/archive/${version}.tar.gz" checksum=ad2fd8375bd62622718a04235e9772119459089938dbb78e657955e595822b7c +setuid="/usr/bin/udevil" post_patch() { vsed -i -e '/DATADIRNAME=/s/=.*/=share/' configure From 1ac66c0fe223997b16ef6a4f4a5034884b05c103 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Fri, 24 Feb 2023 22:44:48 +0100 Subject: [PATCH 07/58] s-nail: add $setuid --- srcpkgs/s-nail/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/s-nail/template b/srcpkgs/s-nail/template index 7a171cea0d27..f8483be17854 100644 --- a/srcpkgs/s-nail/template +++ b/srcpkgs/s-nail/template @@ -12,6 +12,7 @@ license="BSD-4-Clause, BSD-3-Clause, BSD-2-Clause, ISC" homepage="https://git.sdaoden.eu/cgit/s-nail.git" distfiles="https://www.sdaoden.eu/downloads/s-nail-${version}.tar.xz" checksum=2714d6b8fb2af3b363fc7c79b76d058753716345d1b6ebcd8870ecd0e4f7ef8c +setuid="/usr/libexec/s-nail-dotlock" provides="mail-${version}_${revision}" 
From 81ee23513cc7b844ee8458da3fb2a2117c4f2841 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Sat, 25 Feb 2023 00:48:16 +0100 Subject: [PATCH 08/58] util-linux: add $setuid --- srcpkgs/util-linux/template | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/srcpkgs/util-linux/template b/srcpkgs/util-linux/template index 2530c51d17b9..6a9c0ccdcc0c 100644 --- a/srcpkgs/util-linux/template +++ b/srcpkgs/util-linux/template @@ -23,6 +23,12 @@ license="GPL-2.0-or-later" homepage="https://www.kernel.org/pub/linux/utils/util-linux/" distfiles="${KERNEL_SITE}/utils/${pkgname}/v${version%.${version#*.*.}}/${pkgname}-${version}.tar.xz" checksum=60492a19b44e6cf9a3ddff68325b333b8b52b6c59ce3ebd6a0ecaa4c5117e84f +setuid="/usr/bin/chsh + /usr/bin/chfn + /usr/bin/su + /usr/bin/mount + /usr/bin/newgrp + /usr/bin/umount" # Create uuidd system account for uuidd. system_accounts="_uuidd" From d6afa25459183d17c524d501bea02ca4d9c4134a Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Fri, 24 Feb 2023 22:36:05 +0100 Subject: [PATCH 09/58] opendoas: add $setuid --- srcpkgs/opendoas/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/opendoas/template b/srcpkgs/opendoas/template index 5254f280b801..9e93eaaf26fc 100644 --- a/srcpkgs/opendoas/template +++ b/srcpkgs/opendoas/template @@ -13,6 +13,7 @@ license="ISC, BSD-3-Clause" homepage="https://github.com/Duncaen/OpenDoas" distfiles="https://github.com/Duncaen/OpenDoas/archive/v${version}.tar.gz" checksum=6da058a0e70b7543bc60624389b0b00b686189ec933828c522bf8b2600495a67 +setuid="/usr/bin/doas" build_options="pam timestamp" build_options_default="pam timestamp" From 7e0d812ba20d70d0f762924663939970697c6b97 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Fri, 24 Feb 2023 22:50:19 +0100 Subject: [PATCH 10/58] weston: add $setuid --- srcpkgs/weston/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/weston/template b/srcpkgs/weston/template index b517c10c98ca..465d5310a9b5 100644 
--- a/srcpkgs/weston/template +++ b/srcpkgs/weston/template @@ -21,6 +21,7 @@ distfiles="https://wayland.freedesktop.org/releases/${pkgname}-${version}.tar.xz checksum=5cf5d6ce192e0eb15c1fc861a436bf21b5bb3b91dbdabbdebe83e1f83aa098fe system_groups="weston-launch" lib32disabled=yes +setuid="/usr/bin/weston-launch" # Package build options build_options="elogind vaapi" From 7edd5f589e2bcf5b38a3cb9b688b223df4bdee00 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Wed, 22 Feb 2023 01:22:39 +0100 Subject: [PATCH 11/58] enlightenment: set $setuid --- srcpkgs/enlightenment/template | 3 +++ 1 file changed, 3 insertions(+) diff --git a/srcpkgs/enlightenment/template b/srcpkgs/enlightenment/template index ec1a084618db..d6406be26df8 100644 --- a/srcpkgs/enlightenment/template +++ b/srcpkgs/enlightenment/template @@ -20,6 +20,9 @@ checksum=56db5d206b821b9a8831d26e713e410ac70b2255a6f43fcdf7c01eefde23b7a2 lib32disabled=yes build_options="wayland" build_options_default="wayland" +setuid="/usr/lib/enlightenment/utils/enlightenment_ckpasswd + /usr/lib/enlightenment/utils/enlightenment_sys + /usr/lib/enlightenment/utils/enlightenment_system" if [ "$CROSS_BUILD" -a "$build_option_wayland" ]; then hostmakedepends+=" wayland-devel" From 3d37f6501dda418bf964a4838f2a2c865852a3c8 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Fri, 24 Feb 2023 22:35:48 +0100 Subject: [PATCH 12/58] nfs-utils: add $setuid --- srcpkgs/nfs-utils/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/nfs-utils/template b/srcpkgs/nfs-utils/template index 252a7355b683..363c72c9ab67 100644 --- a/srcpkgs/nfs-utils/template +++ b/srcpkgs/nfs-utils/template 
@@ -15,6 +15,7 @@ homepage="https://www.linux-nfs.org/" distfiles="${KERNEL_SITE}/utils/${pkgname}/${version}/${pkgname}-${version}.tar.xz" checksum=5200873e81c4d610e2462fc262fe18135f2dbe78b7979f95accd159ae64d5011 replaces="rpcgen>=0" +setuid="/usr/bin/mount.nfs" hostmakedepends="pkg-config libtirpc-devel rpcsvc-proto" makedepends="libblkid-devel libmount-devel libtirpc-devel From 1efdc4b88293416d6f037b5e5311e8fcc337b26f Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Fri, 24 Feb 2023 22:31:52 +0100 Subject: [PATCH 13/58] libcgroup: add $setuid --- srcpkgs/libcgroup/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/libcgroup/template b/srcpkgs/libcgroup/template index 18dfd5c9f8e5..499d9e16cb1b 100644 --- a/srcpkgs/libcgroup/template +++ b/srcpkgs/libcgroup/template @@ -13,6 +13,7 @@ license="LGPL-2.1-only" homepage="https://github.com/libcgroup/libcgroup" distfiles="https://github.com/libcgroup/libcgroup/releases/download/v${version%.*}/libcgroup-${version}.tar.gz" checksum=8d284d896fca1c981b55850e92acd3ad9648a69227c028dda7ae3402af878edd +setuid="/usr/bin/cgexec" case "$XBPS_TARGET_MACHINE" in *-musl) # Add musl-fts implementation From d00546e311d50b57c0f0565a540bb8f16adf0ba0 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Fri, 24 Feb 2023 22:37:34 +0100 Subject: [PATCH 14/58] physlock: add $setuid --- srcpkgs/physlock/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/physlock/template b/srcpkgs/physlock/template index 0f091d24444c..f7faecb98250 100644 --- a/srcpkgs/physlock/template +++ b/srcpkgs/physlock/template @@ -11,6 +11,7 @@ license="GPL-2.0-or-later" homepage="https://github.com/muennich/physlock" distfiles="${homepage}/archive/v${version}.tar.gz" checksum=9ae4716a1e916f141e47a01b439133ca382281ebdcbec1e53f85da6771774bd6 +setuid="/usr/bin/physlock" CFLAGS="-D_GNU_SOURCE" From b4b21c8bbfa94da38d990f15b2a4910bcea3c344 Mon Sep 17 00:00:00 2001 
From: Michal Vasilek Date: Wed, 22 Feb 2023 00:57:35 +0100 Subject: [PATCH 15/58] fuse3: add $setuid --- srcpkgs/fuse3/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/fuse3/template b/srcpkgs/fuse3/template index 5fcf41be2e86..bd7bb00ee8ed 100644 --- a/srcpkgs/fuse3/template +++ b/srcpkgs/fuse3/template @@ -14,6 +14,7 @@ changelog="https://raw.githubusercontent.com/libfuse/libfuse/master/ChangeLog.rs distfiles="https://github.com/libfuse/libfuse/releases/download/fuse-${version}/fuse-${version}.tar.xz" checksum=6cd0759944c9aeb3d078b24a97b8a5cd5d49a0b8b7f15f85f32ac0c8a662fb6e conf_files="/etc/fuse.conf" +setuid="/usr/bin/fusermount3" # Tests require root make_check=no From f39d2ef2d8678e5987fd1bb7fb2b7164d7481bb7 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Wed, 22 Feb 2023 00:57:39 +0100 Subject: [PATCH 16/58] incron: add $setuid --- srcpkgs/incron/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/incron/template b/srcpkgs/incron/template index 14222e496d94..fb6cd128ed4a 100644 --- a/srcpkgs/incron/template +++ b/srcpkgs/incron/template @@ -8,6 +8,7 @@ license="X11" homepage="https://github.com/ar-/incron" distfiles="https://github.com/ar-/incron/archive/${version}.tar.gz" checksum=cce80bd723bafce59f35464f2f851d02707e32efa102e2b941ed0e42bdd38f91 +setuid="/usr/bin/incrontab" make_dirs="/var/spool/incron 0755 root root /etc/incron.d 0755 root root" From af1704542a6e3fedbbb1779d8255a95390522ce2 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Fri, 24 Feb 2023 22:32:36 +0100 Subject: [PATCH 17/58] libpam-policycache: add $setuid --- srcpkgs/libpam-policycache/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/libpam-policycache/template b/srcpkgs/libpam-policycache/template index 6777b0856dd6..921fccd61886 100644 --- a/srcpkgs/libpam-policycache/template +++ b/srcpkgs/libpam-policycache/template 
@@ -12,6 +12,7 @@ homepage="https://github.com/google/libpam-policycache" distfiles="https://github.com/google/libpam-policycache/archive/v$version.tar.gz" checksum=d1a074493d3a4076094a79093ec02c8fdd886069b9624d8b6765f7a1e840fae6 CFLAGS="-Wno-error=deprecated-declarations" +setuid="/usr/bin/pam-escalate-helper" make_dirs="/etc/libpam-policycache.d 0755 root root /var/cache/libpam-policycache 0700 root root" From 15b987b2fa3936853c2683f4b32a4445b1e8b6a0 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Fri, 24 Feb 2023 22:36:55 +0100 Subject: [PATCH 18/58] openssh: add $setuid --- srcpkgs/openssh/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/openssh/template b/srcpkgs/openssh/template index 3adadcdbac33..adb2604ef937 100644 --- a/srcpkgs/openssh/template +++ b/srcpkgs/openssh/template @@ -26,6 +26,7 @@ distfiles="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${ver checksum=3f66dbf1655fb45f50e1c56da62ab01218c228807b21338d634ebcdf9d71cf46 conf_files="/etc/ssh/moduli /etc/ssh/ssh_config /etc/ssh/sshd_config /etc/pam.d/sshd" make_dirs="/var/chroot/ssh 0755 root root" +setuid="/usr/libexec/ssh-keysign" # Package build options build_options="fido2 gssapi ldns ssl" From 4251413cb47de6a83b795b5e38c1d08199efab5e Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Fri, 24 Feb 2023 22:47:17 +0100 Subject: [PATCH 19/58] slock: add $setuid --- srcpkgs/slock/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/slock/template b/srcpkgs/slock/template index aa7890a49973..6612c55dcf01 100644 --- a/srcpkgs/slock/template +++ b/srcpkgs/slock/template @@ -10,6 +10,7 @@ license="MIT" homepage="http://tools.suckless.org/slock" distfiles="http://dl.suckless.org/tools/slock-${version}.tar.gz" checksum=aee1e3fbf6a277fb625a3838073b979b6483e7baca4ce82f56de1ff192db0e4d +setuid="/usr/bin/slock" do_build() { [ -e ${FILESDIR}/config.h ] && cp ${FILESDIR}/config.h config.h From 95606cbccfd48f3d1208e7cde500a14159b257d7 Mon Sep 17 00:00:00 2001 
From: Michal Vasilek Date: Fri, 24 Feb 2023 22:49:38 +0100 Subject: [PATCH 20/58] thttpd: add $setgid --- srcpkgs/thttpd/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/thttpd/template b/srcpkgs/thttpd/template index 13de3fbef35e..3d288f2ea1cf 100644 --- a/srcpkgs/thttpd/template +++ b/srcpkgs/thttpd/template @@ -9,6 +9,7 @@ license="BSD-2-Clause" homepage="http://www.acme.com/software/thttpd/" distfiles="http://www.acme.com/software/thttpd/thttpd-${version}.tar.gz" checksum=99c09f47da326b1e7b5295c45549d2b65534dce27c44812cf7eef1441681a397 +setgid="/usr/bin/makeweb" pre_configure() { vsed -i Makefile.in -e "s,-o bin -g bin,,g" From a90b62ba208cc559b0e6809ba2ecc93d7ff9572a Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Fri, 24 Feb 2023 22:40:16 +0100 Subject: [PATCH 21/58] polkit: add $setuid --- srcpkgs/polkit/template | 2 ++ 1 file changed, 2 insertions(+) diff --git a/srcpkgs/polkit/template b/srcpkgs/polkit/template index 84ab7453bb9b..aa7038f0e71c 100644 --- a/srcpkgs/polkit/template +++ b/srcpkgs/polkit/template @@ -21,6 +21,8 @@ changelog="https://gitlab.freedesktop.org/polkit/polkit/-/raw/master/NEWS" distfiles="${FREEDESKTOP_SITE}/${pkgname}/releases/${pkgname}-${version}.tar.gz" checksum=9dc7ae341a797c994a5a36da21963f0c5c8e3e5a1780ccc2a5f52e7be01affaa system_accounts="polkitd" +setuid="/usr/bin/pkexec + /usr/lib/polkit-1/polkit-agent-helper-1" #replaces="polkit-elogind>=0" #provides="polkit-elogind-${version}_${revision}" From 70032bd83ff0591ded0601ce6e8ebea10cdbef82 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Wed, 22 Feb 2023 00:57:34 +0100 Subject: [PATCH 22/58] fuse: add $setuid --- srcpkgs/fuse/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/fuse/template b/srcpkgs/fuse/template index b4fe1571f575..fa44380b9f8d 100644 --- a/srcpkgs/fuse/template +++ b/srcpkgs/fuse/template 
@@ -11,6 +11,7 @@ license="GPL-2.0-or-later, LGPL-2.1-or-later" homepage="https://github.com/libfuse/libfuse" distfiles="${homepage}/releases/download/${pkgname}-${version}/${pkgname}-${version}.tar.gz" checksum=d0e69d5d608cc22ff4843791ad097f554dd32540ddc9bed7638cc6fea7c1b4b5 +setuid="/usr/bin/fusermount" pre_configure() { autoreconf -fi From 5b6195e4a0de9a6678620d175964239ef213282d Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Fri, 24 Feb 2023 22:34:35 +0100 Subject: [PATCH 23/58] mariadb: add $setuid --- srcpkgs/mariadb/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/mariadb/template b/srcpkgs/mariadb/template index 71409f89930c..c594e7ea10a3 100644 --- a/srcpkgs/mariadb/template +++ b/srcpkgs/mariadb/template @@ -37,6 +37,7 @@ make_dirs="/var/lib/mysql 0700 mysql mysql /usr/lib/mysql/plugin/auth_pam_tool_dir 0700 mysql root" CFLAGS="-UNDEBUG" CXXFLAGS="-UNDEBUG" +setuid="/usr/lib/mysql/plugin/auth_pam_tool_dir/auth_pam_tool" post_patch() { case "$XBPS_TARGET_MACHINE" in From f4e9baee9ffaf1f65978dd1534e3014f2c166417 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Fri, 24 Feb 2023 22:47:46 +0100 Subject: [PATCH 24/58] spice-gtk: add $setuid --- srcpkgs/spice-gtk/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/spice-gtk/template b/srcpkgs/spice-gtk/template index 3afa0268ee9f..dee6a7c8285c 100644 --- a/srcpkgs/spice-gtk/template +++ b/srcpkgs/spice-gtk/template @@ -22,6 +22,7 @@ homepage="https://spice-space.org" changelog="https://gitlab.freedesktop.org/spice/spice-gtk/-/raw/master/CHANGELOG.md" distfiles="https://spice-space.org/download/gtk/${pkgname}-${version}.tar.xz" checksum=d8f8b5cbea9184702eeb8cc276a67d72acdb6e36e7c73349fb8445e5bca0969f +setuid="/usr/libexec/spice-client-glib-usb-acl-helper" CFLAGS="-Wno-error -Wno-error=unused-but-set-variable" From 26ca573399430baaaba67ce1c310346cae84b423 Mon Sep 17 00:00:00 2001 
From: Michal Vasilek Date: Sat, 25 Feb 2023 00:49:24 +0100 Subject: [PATCH 25/58] uucp: add $setuid --- srcpkgs/uucp/template | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/srcpkgs/uucp/template b/srcpkgs/uucp/template index 2b2b6f758fae..3719a4820ea2 100644 --- a/srcpkgs/uucp/template +++ b/srcpkgs/uucp/template @@ -11,7 +11,13 @@ license="GPL-2.0-or-later" homepage="https://www.gnu.org/software/uucp/uucp.html" distfiles="${GNU_SITE}/$pkgname/$pkgname-$version.tar.gz" checksum=060c15bfba6cfd1171ad81f782789032113e199a5aded8f8e0c1c5bd1385b62c -patch_args="-Np1" +setuid="/usr/bin/uuname + /usr/bin/uuxqt + /usr/bin/uucp + /usr/bin/cu + /usr/bin/uux + /usr/bin/uucico + /usr/bin/uustat" system_accounts="_uucp" _uucp_homedir="/var/spool/uucp" From 2475ef7eeffb56c6499adfc56f0882512772544d Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Wed, 22 Feb 2023 00:57:31 +0100 Subject: [PATCH 26/58] dar: add $setuid --- srcpkgs/dar/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/dar/template b/srcpkgs/dar/template index c289909e8122..979ec2f21d93 100644 --- a/srcpkgs/dar/template +++ b/srcpkgs/dar/template @@ -14,6 +14,7 @@ license="GPL-2.0-or-later" homepage="http://dar.linux.free.fr/" distfiles="${SOURCEFORGE_SITE}/dar/dar-${version}.tar.gz" checksum=3fea9ff9e55fb9827e17a080de7d1a2605b82c2320c0dec969071efefdbfd097 +setuid="/usr/bin/dar" if [ "$CROSS_BUILD" ]; then configure_args+=" --with-gpgme-prefix=${XBPS_CROSS_BASE}/usr From c5816d4ac329df9869f6291d54e87fcb4e83a0bf Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Wed, 22 Feb 2023 22:53:36 +0100 Subject: [PATCH 27/58] keybase: add $setuid --- srcpkgs/keybase/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/keybase/template b/srcpkgs/keybase/template index 8db0a57472f7..708f116059d5 100644 --- a/srcpkgs/keybase/template +++ b/srcpkgs/keybase/template 
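Review bot: The removal of `patch_args="-Np1"` in the uucp hunk is unrelated to the allowlist and is not mentioned in the commit subject "uucp: add $setuid". Whether the build system's default patch arguments already equal `-Np1` is not visible from this hunk; if they do not, the package's patches would be applied at a different strip level. The removal belongs in its own commit, or should at least be stated in the commit message.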
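Review bot: `setuid="/usr/bin/dar"` allowlists an archiving tool as setuid without recording why it needs the bit, and nothing in this hunk shows where the bit is set or what privilege it is meant to provide. Because the new hook accepts whatever the template lists, the entry itself is the only audit record; a one-line comment above the variable, e.g. `# setuid: <reason, to be filled in by the maintainer>`, would make it reviewable. If no reason can be given, clearing the bit in the package's install step is safer than allowlisting it. The same question applies to `/usr/libexec/squid/basic_pam_auth` and `/usr/libexec/squid/basic_ncsa_auth` in the squid hunk.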
@@ -16,6 +16,7 @@ license="BSD-3-Clause" homepage="https://keybase.io/" distfiles="https://github.com/keybase/client/releases/download/v$version/keybase-v$version.tar.xz" checksum=5e89792105ce29420e92ebeaf8055db5e7d67de5e181f83f69904356ddeb8c71 +setuid="/usr/bin/keybase-redirector" post_install() { vlicense LICENSE From 6a2522a88dc7d677eda896b96361094b449af370 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Wed, 22 Feb 2023 00:57:33 +0100 Subject: [PATCH 28/58] dcron: add $setuid --- srcpkgs/dcron/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/dcron/template b/srcpkgs/dcron/template index ab92850344ee..c0eabe30674e 100644 --- a/srcpkgs/dcron/template +++ b/srcpkgs/dcron/template @@ -11,6 +11,7 @@ changelog="https://raw.githubusercontent.com/dubiousjim/dcron/v${version}/CHANGE distfiles="https://github.com/dubiousjim/dcron/archive/v${version}.tar.gz" checksum=7c047194b9339b781971b000bf5512c11e856d20a14fe5323d5a1823f04c2a3f provides="cron-daemon-0_1" +setuid="/usr/bin/dcrontab" alternatives=" crond:crond:/etc/sv/dcron From fc7754829ae176b66e0f327f9496fbd7dd36b915 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Wed, 22 Feb 2023 22:56:15 +0100 Subject: [PATCH 29/58] kbdlight: add $setuid --- srcpkgs/kbdlight/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/kbdlight/template b/srcpkgs/kbdlight/template index 32bfec5560a5..4fb408d0dd3e 100644 --- a/srcpkgs/kbdlight/template +++ b/srcpkgs/kbdlight/template @@ -9,6 +9,7 @@ license="MIT" homepage="https://github.com/hobarrera/kbdlight" distfiles="https://github.com/hobarrera/${pkgname}/archive/v${version}.tar.gz" checksum=7d852d544f73e27245b7c21d820ede7c7c3e0992f37fb17cf257fd03e3926bb1 +setuid="/usr/bin/kbdlight" post_install() { vlicense LICENCE From 0d5ae92ca9d57c35920d44c9982c1c0ddcbe6f58 Mon Sep 17 00:00:00 2001 
From: Michal Vasilek Date: Wed, 22 Feb 2023 00:57:29 +0100 Subject: [PATCH 30/58] containers: add $setuid --- srcpkgs/containers/template | 2 ++ 1 file changed, 2 insertions(+) diff --git a/srcpkgs/containers/template b/srcpkgs/containers/template index 7f7ebc7f8178..b8509ce477fc 100644 --- a/srcpkgs/containers/template +++ b/srcpkgs/containers/template @@ -9,6 +9,8 @@ license="MIT" homepage="https://github.com/arachsys/containers" distfiles="https://github.com/arachsys/containers/archive/containers-${version}.tar.gz" checksum=5f43ffaf9bcfc73032cafeb94fe9596dcfa0b26f0bd2730656c3daa4341d9c02 +setuid="/usr/bin/contain + /usr/bin/pseudo" do_install() { vbin inject inject-contain From cb4b83f5b7537edfd6fe8bbe266aee5e1d408543 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Wed, 22 Feb 2023 00:57:34 +0100 Subject: [PATCH 31/58] fcron: add $setuid and $setgid --- srcpkgs/fcron/template | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/srcpkgs/fcron/template b/srcpkgs/fcron/template index d3f8567f8927..e8cce723e24a 100644 --- a/srcpkgs/fcron/template +++ b/srcpkgs/fcron/template @@ -32,6 +32,12 @@ homepage="http://fcron.free.fr" distfiles="$homepage/archives/$pkgname-$version.src.tar.gz" checksum=f359daa08a63ddfb7fe2f964bb3f5c52244c25aa36f9225a3cc54d36f4681106 +setuid="/usr/bin/fcronsighup + /usr/bin/fcrondyn + /usr/bin/fcrontab" +setgid="/usr/bin/fcrondyn + /usr/bin/fcrontab" + alternatives=" crond:crond:/etc/sv/fcron crond:crontab:/usr/bin/fcrontab From 958814ae0b47ed592d93614ca3935fc191c283e1 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Wed, 22 Feb 2023 00:57:36 +0100 Subject: [PATCH 32/58] glusterfs: add $setuid --- srcpkgs/glusterfs/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/glusterfs/template b/srcpkgs/glusterfs/template index 993fde9a321c..b293783cb34c 100644 --- a/srcpkgs/glusterfs/template +++ b/srcpkgs/glusterfs/template 
@@ -18,6 +18,7 @@ license="GPL-2.0-or-later, LGPL-3.0-only" homepage="https://www.gluster.org/" distfiles="https://download.gluster.org/pub/gluster/glusterfs/${version%.*}/${version}/${pkgname}-${version}.tar.gz" checksum=07f360c9b43cb1101a857706494e310328e9d6a4e6b2f0697a3bc3f165c2652a +setuid="/usr/bin/fusermount-glusterfs" case "$XBPS_TARGET_MACHINE" in *-musl) broken="not yet supported";; From 51adb9b20a9be029d9d415ac7098c4541baf45d4 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Wed, 22 Feb 2023 00:55:28 +0100 Subject: [PATCH 33/58] Powermanga: add $setuid --- srcpkgs/Powermanga/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/Powermanga/template b/srcpkgs/Powermanga/template index f3b9ef9faf3c..5c78aeb88302 100644 --- a/srcpkgs/Powermanga/template +++ b/srcpkgs/Powermanga/template @@ -11,6 +11,7 @@ license="GPL-3.0-or-later" homepage="http://linux.tlk.fr/games/Powermanga" distfiles="https://github.com/brunonymous/Powermanga/archive/${version}.tar.gz" checksum=010987a3cb27a1f9388a212f637977692284b5616952efa1efae09d2464e9249 +setgid="/usr/bin/powermanga" pre_configure() { ./bootstrap From a12da74ac84ce1224cd47a5efc8f2cbcf8c6945b Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Wed, 22 Feb 2023 00:57:29 +0100 Subject: [PATCH 34/58] cronie: add $setuid --- srcpkgs/cronie/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/cronie/template b/srcpkgs/cronie/template index 3f8fbbcc4f30..c4315e9087c5 100644 --- a/srcpkgs/cronie/template +++ b/srcpkgs/cronie/template @@ -24,6 +24,7 @@ make_dirs=" /var/spool/anacron 0755 root root" conf_files="/etc/anacrontab /etc/pam.d/crond /etc/cron.deny" provides="cron-daemon-0_1" +setuid="/usr/bin/cronie-crontab" alternatives=" crond:crond:/etc/sv/cronie From b52bf23435262285acd98d3ee08a6d7cf94c00c7 Mon Sep 17 00:00:00 2001 
From: Michal Vasilek Date: Sat, 25 Feb 2023 00:55:39 +0100 Subject: [PATCH 35/58] xscreensaver: add $setuid --- srcpkgs/xscreensaver/template | 2 ++ 1 file changed, 2 insertions(+) diff --git a/srcpkgs/xscreensaver/template b/srcpkgs/xscreensaver/template index 581298ad5999..38de4a9f0642 100644 --- a/srcpkgs/xscreensaver/template +++ b/srcpkgs/xscreensaver/template @@ -18,6 +18,8 @@ homepage="https://www.jwz.org/xscreensaver/" changelog="https://www.jwz.org/xscreensaver/changelog.html" distfiles="https://www.jwz.org/xscreensaver/xscreensaver-${version}.tar.gz" checksum=f534fab85a836de5b8be8e91fc21b80ca7d6a4ed9386ebe207d4be7a4e7499a7 +setuid="/usr/libexec/xscreensaver/xscreensaver-auth + /usr/libexec/xscreensaver/sonar" pre_configure() { mkdir -p /usr/share/X11/app-defaults From 2b9ea7097dce84de7e3edb168a23ec1349a438e2 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Fri, 24 Feb 2023 22:40:45 +0100 Subject: [PATCH 36/58] pmount: add $setuid --- srcpkgs/pmount/template | 2 ++ 1 file changed, 2 insertions(+) diff --git a/srcpkgs/pmount/template b/srcpkgs/pmount/template index 8a826f4e0fe6..34b34d11d4af 100644 --- a/srcpkgs/pmount/template +++ b/srcpkgs/pmount/template @@ -12,6 +12,8 @@ homepage="http://pmount.alioth.debian.org/" distfiles="${DEBIAN_SITE}/main/p/${pkgname}/${pkgname}_${version}.orig.tar.bz2" checksum=db38fc290b710e8e9e9d442da2fb627d41e13b3ee80326c15cc2595ba00ea036 conf_files="/etc/pmount.allow" +setuid="/usr/bin/pmount + /usr/bin/pumount" post_patch() { vsed -i -e 's/DATADIRNAME=lib/DATADIRNAME=share/' configure From 9d2e697d26908f4d6eb42a25957ea8ea6c7d466d Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Fri, 24 Feb 2023 22:49:19 +0100 Subject: [PATCH 37/58] sudo: add $setuid --- srcpkgs/sudo/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/sudo/template b/srcpkgs/sudo/template index f1278024f4ff..43d3088d0002 100644 --- a/srcpkgs/sudo/template +++ b/srcpkgs/sudo/template 
@@ -18,6 +18,7 @@ distfiles="https://www.sudo.ws/dist/sudo-${version}.tar.gz" checksum=b9a0b1ae0f1ddd9be7f3eafe70be05ee81f572f6f536632c44cd4101bb2a8539 conf_files="/etc/pam.d/sudo /etc/sudoers" lib32disabled=yes +setuid="/usr/bin/sudo" post_configure() { case "$XBPS_TARGET_MACHINE" in From 01e567e0b7913da3814dae50ee247404480b59b1 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Fri, 24 Feb 2023 22:33:54 +0100 Subject: [PATCH 38/58] lxc: add $setuid --- srcpkgs/lxc/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/lxc/template b/srcpkgs/lxc/template index 40f9cf15b522..2ec773597a59 100644 --- a/srcpkgs/lxc/template +++ b/srcpkgs/lxc/template @@ -17,6 +17,7 @@ license="LGPL-2.1-or-later" homepage="https://linuxcontainers.org" distfiles="https://linuxcontainers.org/downloads/lxc/lxc-${version}.tar.gz" checksum=d8195423bb1e206f8521d24b6cde4789f043960c7cf065990a9cf741dcfd4222 +setuid="/usr/libexec/lxc/lxc-user-nic" conf_files="/etc/lxc/default.conf" make_dirs=" From ebc9d3009350a0a84f9f3d2c1076d9b09d82ce7b Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Wed, 22 Feb 2023 00:57:33 +0100 Subject: [PATCH 39/58] dma: add $setuid and $setgid --- srcpkgs/dma/template | 2 ++ 1 file changed, 2 insertions(+) diff --git a/srcpkgs/dma/template b/srcpkgs/dma/template index 78c71595ec15..0e3a98865ec3 100644 --- a/srcpkgs/dma/template +++ b/srcpkgs/dma/template @@ -13,6 +13,8 @@ homepage="https://github.com/corecode/dma" distfiles="https://github.com/corecode/dma/archive/v${version}.tar.gz" checksum=9d4b903f2b750d888f51d668d08d2ea18404dedb0a52cffeb3c81376023c1946 system_accounts="mail" +setuid="/usr/lib/dma-mbox-create" +setgid="/usr/bin/dma" provides="smtp-server-0_1 smtp-forwarder-0_1" replaces="smtp-server>=0 smtp-forwarder>=0" From 724c982fca66e69d703b9e0536f898f9b89a2303 Mon Sep 17 00:00:00 2001 
From: Michal Vasilek Date: Fri, 24 Feb 2023 22:50:52 +0100 Subject: [PATCH 40/58] xorg-server: add $setuid --- srcpkgs/xorg-server/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/xorg-server/template b/srcpkgs/xorg-server/template index b4d24434a24f..b34cd8e256ff 100644 --- a/srcpkgs/xorg-server/template +++ b/srcpkgs/xorg-server/template @@ -30,6 +30,7 @@ provides="xserver-abi-extension-10_1 xserver-abi-input-24_1 xserver-abi-video-25_1 xf86-video-modesetting-1_1" replaces="xf86-video-modesetting>=0 glamor-egl>=0" conf_files="/etc/X11/Xwrapper.config" +setuid="/usr/libexec/Xorg.wrap" build_options="elogind" desc_option_elogind="Rootless Xorg support with elogind" From 6f865b7090dede05af04b37fa5e8a43ce32fa1fe Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Fri, 24 Feb 2023 22:36:31 +0100 Subject: [PATCH 41/58] opensmtpd: add $setuid and $setgid --- srcpkgs/opensmtpd/template | 2 ++ 1 file changed, 2 insertions(+) diff --git a/srcpkgs/opensmtpd/template b/srcpkgs/opensmtpd/template index ab0b2e6a10ab..b608b9707471 100644 --- a/srcpkgs/opensmtpd/template +++ b/srcpkgs/opensmtpd/template @@ -26,6 +26,8 @@ checksum=51bf05312fe56764748faab9e63170bfbb7c7d84a37c4117b62b2681eb3a4d17 provides="smtp-forwarder-0_1 smtp-server-0_1" replaces="smtp-forwarder>=0 smtp-server>=0" system_accounts="_smtpd _smtpq" +setuid="/usr/libexec/opensmtpd/lockspool" +setgid="/usr/bin/smtpctl" CFLAGS=-D_DEFAULT_SOURCE From 030ae950fe7a823291b19ec7dae9d101c6793241 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Wed, 22 Feb 2023 01:12:48 +0100 Subject: [PATCH 42/58] arcan: add $setuid --- srcpkgs/arcan/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/arcan/template b/srcpkgs/arcan/template index 7be9652eccf3..4b3e49602fe5 100644 --- a/srcpkgs/arcan/template +++ b/srcpkgs/arcan/template 
@@ -29,6 +29,7 @@ distfiles="https://github.com/letoram/arcan/archive/${version}.tar.gz https://github.com/letoram/openal/archive/${_versionOpenal}.tar.gz>openal_arcan.${_versionOpenal}.tar.gz" checksum="7bf083412bc61555472877313c13116431a0a36fccbf142f97559db43b4a1475 3a50a87c05b67c466a868cc77f8dc7f9cfc9466aeeafcd823daca0d108c504da" +setuid="/usr/bin/arcan" export CMAKE_GENERATOR="Unix Makefiles" From c70f784aaaa1dce0acd10d98776fb4de566c9255 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Wed, 22 Feb 2023 00:57:26 +0100 Subject: [PATCH 43/58] at: add $setuid and $setgid --- srcpkgs/at/template | 2 ++ 1 file changed, 2 insertions(+) diff --git a/srcpkgs/at/template b/srcpkgs/at/template index 41bc74404c48..652b1138759f 100644 --- a/srcpkgs/at/template +++ b/srcpkgs/at/template @@ -16,6 +16,8 @@ homepage="https://packages.qa.debian.org/a/at.html" distfiles="${DEBIAN_SITE}/main/a/${pkgname}/${pkgname}_${version}.orig.tar.gz" checksum=bb066b389d7c9bb9d84a35738032b85c30cba7d949f758192adc72c9477fd3b8 disable_parallel_build=yes +setuid="/usr/bin/at" +setgid="/usr/bin/at" conf_files="/etc/at.deny" system_accounts="at" From c283b85906177d710683d483b85f9fe8c575a791 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Wed, 22 Feb 2023 00:57:32 +0100 Subject: [PATCH 44/58] davfs2: add $setuid --- srcpkgs/davfs2/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/davfs2/template b/srcpkgs/davfs2/template index 1a2f8482e210..85b44de231a4 100644 --- a/srcpkgs/davfs2/template +++ b/srcpkgs/davfs2/template @@ -13,6 +13,7 @@ license="GPL-3.0-or-later" homepage="https://savannah.nongnu.org/projects/davfs2" distfiles="${NONGNU_SITE}/${pkgname}/${pkgname}-${version}.tar.gz" checksum=ce3eb948ece582a51c934ccb0cc70e659839172717caff173f69a5e2af90c5c0 +setuid="/usr/bin/mount.davfs" CFLAGS="-fcommon" From c526957b4ab87498c0ef79b5dd6573bd32994472 Mon Sep 17 00:00:00 2001 
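Review bot: `setuid="/usr/bin/arcan"` in the arcan hunk allowlists the package's main executable rather than a small helper, which is a much larger privileged surface than entries elsewhere in this series such as `Xorg.wrap` or `qemu-bridge-helper`. Presumably upstream installs it setuid so it can open display and input devices before dropping privileges, but nothing in the hunk records that. A comment above the line, for example `# setuid root for device access; privileges are dropped at startup (confirm against upstream)`, would give the next audit the justification. The lines that set the bit are not visible in this hunk.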
From: Michal Vasilek Date: Wed, 22 Feb 2023 00:57:36 +0100 Subject: [PATCH 45/58] hikari: add $setuid --- srcpkgs/hikari/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/hikari/template b/srcpkgs/hikari/template index 64811ea08b14..a5ce6f5783c7 100644 --- a/srcpkgs/hikari/template +++ b/srcpkgs/hikari/template @@ -21,6 +21,7 @@ conf_files="/etc/pam.d/hikari-unlocker /etc/hikari/hikari.conf" # bmake's -q flag seems to differ in behavior from gnu make which causes the # build style's handling of the check target not existing to fail. make_check=no +setuid="/usr/bin/hikari-unlocker" pre_build() { # The hikari Makefile appends to the CFLAGS and LDFLAGS variables; From 3345671bc7fa8b7e11fb431eb4017b451fefd0fd Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Fri, 24 Feb 2023 22:48:49 +0100 Subject: [PATCH 46/58] squid: add $setuid --- srcpkgs/squid/template | 3 +++ 1 file changed, 3 insertions(+) diff --git a/srcpkgs/squid/template b/srcpkgs/squid/template index 49b9eb9d7b91..9ae78bc3850a 100644 --- a/srcpkgs/squid/template +++ b/srcpkgs/squid/template @@ -58,6 +58,9 @@ checksum=6b0753aaba4c9c4efd333e67124caecf7ad6cc2d38581f19d2f0321f5b7ecd81 system_accounts="squid" # squid-conf-tests requires a squid user in the system make_check=no +setuid="/usr/libexec/squid/pinger + /usr/libexec/squid/basic_pam_auth + /usr/libexec/squid/basic_ncsa_auth" if [ "$XBPS_TARGET_NO_ATOMIC8" ]; then makedepends+=" libatomic-devel" From 6f7f2650baf40711b717fe9722c17e0d214948c7 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Fri, 24 Feb 2023 22:33:19 +0100 Subject: [PATCH 47/58] libutempter: add $setgid --- srcpkgs/libutempter/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/libutempter/template b/srcpkgs/libutempter/template index 3a89e4126cfc..793a5e8163cd 100644 --- a/srcpkgs/libutempter/template +++ b/srcpkgs/libutempter/template 
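Review bot: The `setuid` list in the squid hunk allowlists `/usr/libexec/squid/basic_ncsa_auth` alongside `pinger` and `basic_pam_auth`, and the template gives no reason for any of the three. An ICMP pinger and a PAM helper have a plausible need for privilege (raw sockets, access to the shadow database). A password-file helper normally only reads a file that squid's own account can be granted access to, so its setuid bit looks unnecessary and is worth confirming before the allowlist ratifies it. If all three stay, a comment above the list such as `# pinger: raw ICMP socket; basic_pam_auth: PAM/shadow access; basic_ncsa_auth: <reason>` would save the next audit from rediscovering it. Where the bits are set is not visible in this hunk.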
@@ -9,6 +9,7 @@ license="LGPL-2.1-or-later" homepage="http://freecode.com/projects/libutempter" distfiles="http://ftp.altlinux.org/pub/people/ldv/utempter/${pkgname}-${version}.tar.gz" checksum=967fef372f391de501843ad87570c6cf5dabd9651f00f1783090fbc12b2a34cb +setgid="/usr/lib/utempter/utempter" libutempter-devel_package() { depends="${sourcepkg}>=${version}_${revision}" From ba3a888e174b704ee77ab4f5fca0ba5a22147dd5 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Fri, 24 Feb 2023 22:46:44 +0100 Subject: [PATCH 48/58] shadow: add $setuid --- srcpkgs/shadow/template | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/srcpkgs/shadow/template b/srcpkgs/shadow/template index c59d92bfeb54..045005d6244e 100644 --- a/srcpkgs/shadow/template +++ b/srcpkgs/shadow/template @@ -18,6 +18,13 @@ homepage="https://github.com/shadow-maint/shadow" distfiles="${homepage}/releases/download/${version}/shadow-${version}.tar.xz" checksum=a3ad4630bdc41372f02a647278a8c3514844295d36eefe68ece6c3a641c1ae62 conf_files="/etc/pam.d/* /etc/default/* /etc/login.defs" +setuid="/usr/bin/sg + /usr/bin/expiry + /usr/bin/gpasswd + /usr/bin/newuidmap + /usr/bin/passwd + /usr/bin/chage + /usr/bin/newgidmap" pre_configure() { case "$XBPS_TARGET_MACHINE" in From d72fc22228f59bce16249712afd61238d2ddcb4c Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Fri, 24 Feb 2023 22:44:09 +0100 Subject: [PATCH 49/58] qemu: add $setuid --- srcpkgs/qemu/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/qemu/template b/srcpkgs/qemu/template index 48ab199e5686..d41ed5395b20 100644 --- a/srcpkgs/qemu/template +++ b/srcpkgs/qemu/template 
@@ -33,6 +33,7 @@ ignore_elf_dirs="/usr/share/qemu" nostrip_files="hppa-firmware.img openbios-ppc openbios-sparc32 openbios-sparc64 palcode-clipper s390-ccw.img s390-netboot.img u-boot.e500 opensbi-riscv32-generic-fw_dynamic.elf opensbi-riscv64-generic-fw_dynamic.elf" +setuid="/usr/libexec/qemu-bridge-helper" build_options="gtk3 opengl sdl2 spice virgl smartcard numa iscsi jack pulseaudio" build_options_default="opengl gtk3 virgl sdl2 numa iscsi jack pulseaudio" From 649e47734ce1b5f29a10c8c76804b05ca9c44064 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Fri, 24 Feb 2023 22:37:52 +0100 Subject: [PATCH 50/58] plocate: add $setgid --- srcpkgs/plocate/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/plocate/template b/srcpkgs/plocate/template index f288bcf8dd32..0017bbce0dd5 100644 --- a/srcpkgs/plocate/template +++ b/srcpkgs/plocate/template @@ -16,6 +16,7 @@ homepage="https://plocate.sesse.net/" changelog="https://git.sesse.net/?p=plocate;a=blob_plain;f=NEWS;hb=HEAD" distfiles="https://plocate.sesse.net/download/plocate-${version}.tar.gz" checksum=939657050b70719b01ce04fc1c8b64270062a0d53da2c72eafbe036a1964e12c +setgid="/usr/bin/plocate" system_accounts="_plocate" From 85a04364fd08147f1853f628268de737b8365e76 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Wed, 22 Feb 2023 00:57:22 +0100 Subject: [PATCH 51/58] 9mount: add $setuid --- srcpkgs/9mount/template | 3 +++ 1 file changed, 3 insertions(+) diff --git a/srcpkgs/9mount/template b/srcpkgs/9mount/template index 5b1160ad2049..c17d16298857 100644 --- a/srcpkgs/9mount/template +++ b/srcpkgs/9mount/template @@ -10,6 +10,9 @@ license="ISC" homepage="http://sqweek.net/code/9mount/" distfiles="http://sqweek.net/9p/$pkgname-$version.tar.gz" checksum=820d80b9b478d05ecb022ad658477b37cfc2414a8669c3af17d192a522064c17 +setuid="/usr/bin/9bind + /usr/bin/9mount + /usr/bin/9umount" pre_build() { sed -i '/chown/d' Makefile From 62ac3083fdcb6ffc7a151dcc416d3f4047f5c57d Mon Sep 17 00:00:00 2001 
From: Michal Vasilek Date: Sat, 25 Feb 2023 12:01:21 +0100 Subject: [PATCH 52/58] electron19: add $setuid --- srcpkgs/electron19/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/electron19/template b/srcpkgs/electron19/template index 068136be7623..06a3e6e0ef46 100644 --- a/srcpkgs/electron19/template +++ b/srcpkgs/electron19/template @@ -34,6 +34,7 @@ distfiles="https://github.com/electron/electron/archive/v$version.tar.gz>electro checksum="d8ee01db95dfe24aa89a67424498b67102a4977ff9a3ccbfbc3f36801fdba7d5 f33363565a3c8868f5f67f0852ccf8d19ada209af8ddd4e27774e50206700464 cc2331a5c35d3dda0035d9cba71c3b8e234bc68e18ffd955b385c1e97062528f" +setuid="/usr/lib/electron19/chrome-sandbox" case "$XBPS_TARGET_MACHINE" in ppc64*-musl) makedepends+=" libucontext-devel" ;; From 2aa829474dbc1c240ffd913ed29051613cb9b83e Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Sat, 25 Feb 2023 12:01:38 +0100 Subject: [PATCH 53/58] firejail: add $setuid --- srcpkgs/firejail/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/firejail/template b/srcpkgs/firejail/template index 0365d6044fec..e438bb88aa7a 100644 --- a/srcpkgs/firejail/template +++ b/srcpkgs/firejail/template @@ -14,5 +14,6 @@ changelog="https://github.com/netblue30/firejail/raw/master/RELNOTES" distfiles="https://github.com/netblue30/firejail/archive/${version}.tar.gz" checksum=fa641abe2f673cef304cee6ef0a8ddb69db7919e0b69752f89762a341a87fabc conf_files="/etc/firejail/* /etc/apparmor.d/local/firejail-default" +setuid="/usr/bin/firejail" nocross=yes From 27b6462b94b2cf182057c2613c9abe0f2803c6e0 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Sat, 25 Feb 2023 12:01:47 +0100 Subject: [PATCH 54/58] hiawatha: add $setuid --- srcpkgs/hiawatha/template | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/srcpkgs/hiawatha/template b/srcpkgs/hiawatha/template index 04377f40b88b..7f2887cc68fb 100644 --- a/srcpkgs/hiawatha/template +++ b/srcpkgs/hiawatha/template 
@@ -12,10 +12,11 @@ short_desc="Advanced and secure webserver for Unix" maintainer="Enno Boland " license="GPL-2.0-or-later" homepage="https://hiawatha-webserver.org" -distfiles="${homepage}/files/${pkgname}-${version}.tar.gz" +distfiles="https://www.hiawatha-webserver.org/files/hiawatha-10/hiawatha-${version}.tar.gz" checksum=61bf41146c51244769984135529fcffd0f6cb92be18dc12d460effc42f19f50d conf_files="/etc/${pkgname}/*.conf /etc/${pkgname}/*.xslt" make_dirs="/var/log/hiawatha 0755 root root" +setuid="/usr/bin/cgi-wrapper" post_install() { vsv hiawatha From 62e526846d19b653fc5b28022f93cfa5223eb858 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Sat, 25 Feb 2023 12:10:26 +0100 Subject: [PATCH 55/58] kismet: add $setuid --- srcpkgs/kismet/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/kismet/template b/srcpkgs/kismet/template index 48a0fc5fa6f1..b789aecc5a3e 100644 --- a/srcpkgs/kismet/template +++ b/srcpkgs/kismet/template @@ -18,6 +18,7 @@ homepage="https://www.kismetwireless.net/" distfiles="http://www.kismetwireless.net/code/${pkgname}-${_realver}.tar.xz" checksum=2149cceac5526508653f4d02dcf7a694e3da3dc000a2372a1ee4bf9988279781 system_groups="kismet" +setuid="/usr/bin/kismet_cap_rz_killerbee" if [ "$XBPS_TARGET_NO_ATOMIC8" ]; then makedepends+=" libatomic-devel" From 6e895cc3f81f15f0cabd6991fa1733e2b92b4b16 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Sat, 25 Feb 2023 12:17:32 +0100 Subject: [PATCH 56/58] schroot: add $setuid --- srcpkgs/schroot/template | 2 ++ 1 file changed, 2 insertions(+) diff --git a/srcpkgs/schroot/template b/srcpkgs/schroot/template index 36f6ee83b9a9..5204bffd1938 100644 --- a/srcpkgs/schroot/template +++ b/srcpkgs/schroot/template 
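Review bot: The `distfiles` line changes in the hiawatha hunk although the commit subject only says "add $setuid"; the URL moves from `${homepage}/files/${pkgname}-${version}.tar.gz` to one with a hard-coded `hiawatha-10` directory. The unchanged `checksum` still pins the tarball, so integrity is not weakened. The fetch-URL change should still be its own commit, or at least be named in the message, so it is not missed when reviewing a series that is otherwise allowlist-only. The literal `hiawatha-10` will also break on the next major release; `hiawatha-${version%%.*}` would derive it from `version`. Separately, `/usr/bin/cgi-wrapper` is, as far as I know, the helper that runs CGI programs under other accounts, so a one-line comment next to `setuid=` stating that the bit is intended would help later audits.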
@@ -56,6 +56,8 @@ checksum=" 7bd4e0c2709979362c86a86c10d2b23d290d26e1a2d301a602e829327f483ec1" nocross=yes skip_extraction="schroot_${version}-${_debian_version}.debian.tar.xz" +setuid="/usr/bin/schroot + /usr/bin/dchroot" post_extract() { bsdtar -xf $XBPS_SRCDISTDIR/schroot-${version}/$skip_extraction From 445e7615eb8af8179622e5275cf75acc62a7e928 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Sat, 25 Feb 2023 12:17:51 +0100 Subject: [PATCH 57/58] x2goserver: add $setgid --- srcpkgs/x2goserver/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/x2goserver/template b/srcpkgs/x2goserver/template index 0724ef53a2fa..83a7595d04fd 100644 --- a/srcpkgs/x2goserver/template +++ b/srcpkgs/x2goserver/template @@ -25,6 +25,7 @@ conf_files=" /etc/x2go/x2goagent.* /etc/x2go/x2goserver.* " +setgid="/usr/lib/x2go/libx2go-server-db-sqlite3-wrapper" post_install() { rm -rf "${DESTDIR}/etc/logcheck" From dd42f6d27c0753de21219ded90c73beedae46ad3 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Sat, 25 Feb 2023 12:22:42 +0100 Subject: [PATCH 58/58] virtualbox-ose: add $setuid --- srcpkgs/virtualbox-ose/template | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/srcpkgs/virtualbox-ose/template b/srcpkgs/virtualbox-ose/template index 4efc26f7da06..8ef1181930ce 100644 --- a/srcpkgs/virtualbox-ose/template +++ b/srcpkgs/virtualbox-ose/template @@ -30,6 +30,12 @@ fi depends="virtualbox-ose-dkms-${version}_${revision} hicolor-icon-theme desktop-file-utils dbus" system_groups="vboxusers" +setuid="/usr/lib/virtualbox/VirtualBoxVM + /usr/lib/virtualbox/VBoxNetNAT + /usr/lib/virtualbox/VBoxHeadless + /usr/lib/virtualbox/VBoxNetDHCP + /usr/lib/virtualbox/VBoxNetAdpCtl" + do_configure() { cp ${FILESDIR}/LocalConfig.kmk .