111373 – =net-analyzer/arpwatch-2.1.11-r1 misses -u option

Bug 111373 - =net-analyzer/arpwatch-2.1.11-r1 misses -u option

Summary: =net-analyzer/arpwatch-2.1.11-r1 misses -u option

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Netmon project

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2005-11-03 10:11 UTC by Wolfram Schlich (RETIRED)
Modified:	2005-12-07 06:55 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Wolfram Schlich (RETIRED) gentoo-dev

2005-11-03 10:11:51 UTC

arpwatch gets patched with arpwatch-2.1.11-r1.diff.gz
this patch adds the -u option to the manpage but not to
the program itself. as I'd like to be able to actually
use that option for security reasons (it would make
arpwatch drop root privs), can we please have the
functionality added?
also it would make sense to add a special user and group
to the system, both named arpwatch and have -u enabled
by default in the /etc/init.d/arpwatch or at least
/etc/conf.d/arpwatch. /var/arpwatch/ will then have to be
owned by that user/group combination as well.

Comment 1 Benjamin Smee (strerror) (RETIRED) gentoo-dev

2005-11-03 12:21:41 UTC

I just had a look at this bug. After reading the patch there is nothing in there
that would create the drop privs so its not a question of the patch misapplying,
rather there needs be a different patch with that functionality. I had a quick
look over at packages.debian.org and couldn't see it there so unless you can
point me to the patch that gives this functionality i'm tempted to remove the
changes to the man page and close this bug (perhaps after changing the ebuild a
little to be a bit more compliant in its file placement, ie to /var/lib/arpwatch).

Comment 2 Wolfram Schlich (RETIRED) gentoo-dev

2005-11-03 14:57:25 UTC

The RedHat SRPM contains that patch, along with others:
http://ftp.redhat.com/pub/redhat/linux/enterprise/4/en/os/i386/SRPMS/tcpdump-3.8.2-7.src.rpm
Can we please merge it?

Comment 3 Wolfram Schlich (RETIRED) gentoo-dev

2005-11-10 02:00:25 UTC

Any news here?

Comment 4 Wolfram Schlich (RETIRED) gentoo-dev

2005-11-26 07:06:25 UTC

*push*

Any reason no to merge the forementioned patch?!

Comment 5 Benjamin Smee (strerror) (RETIRED) gentoo-dev

2005-11-26 10:42:15 UTC

The reason was that all the patches we had and the one you gave me conflicted.
Anyway given that I was in a nice mood I rewrote the relevant ones and made a
new patchfile. I have rewritten the ebuild and revbumped it while I was at it.
Check out cvs and let me know how it is.

Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-12-06 16:03:40 UTC

It missses the pkg_setup so a new user is new user created.

Comment 7 Wolfram Schlich (RETIRED) gentoo-dev

2005-12-06 16:39:44 UTC

--8<--
pkg_postinst() {
        einfo "If you want arpwatch to at boot then type:"
        ewarn "      rc-update add arpwatch default"
}
--8<--
it should say "to START at boot"...

Comment 8 Benjamin Smee (strerror) (RETIRED) gentoo-dev

2005-12-07 06:55:04 UTC

Fixed the typo in init script. Rewrote the part that was causing problems with
the previous version of arpwatch. I would like to do something about the current
"stable" version as well as it does not work in its current form, but i'll open
another bug about that. Thanks input.