| Summary: | net-misc/tlsdate: use dedicated user/group | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Maxim Kammerer <mk> |
| Component: | Current packages | Assignee: | SpanKY <vapier> |
| Status: | RESOLVED FIXED | ||
| Severity: | enhancement | ||
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
Description
Maxim Kammerer
2012-12-12 15:20:46 UTC
@vapier: do you want an actual patch? This bug got tagged with PATCH during initial wrangling.

i don't pay attention to that keyword as it's much more often wrong than not

i'm not really convinced there's a difference between using "nobody/nogroup" and "tlsdate/tlsdate" to the system

(In reply to comment #2)
> i'm not really convinced there's a difference between using "nobody/nogroup"
> and "tlsdate/tlsdate" to the system

The difference is that with tlsdate/tlsdate, you can apply various policies to tlsdate using user/group-based control, in a way that doesn't affect other programs that also use user "nobody" (e.g. apache?). If it was a user that needs no permissions at all, "nobody" would perhaps be suitable, but tlsdate needs network access, so one can punch firewall holes for it based on uid, etc. With other daemons it is not such a big deal, because you can usually pass user/group to use on command line, but tlsdate has them hardcoded.

should be all set now in the tree; thanks for the report!

Commit message: Clean up compiler flag handling w/fix from upstream, and add dedicated user/group for tlsdate to use when dropping root

http://sources.gentoo.org/net-misc/tlsdate/files/tlsdate-0.0.4-compiler-flags.patch?rev=1.1
http://sources.gentoo.org/net-misc/tlsdate/files/tlsdate-0.0.4-configure-user-group.patch?rev=1.1
http://sources.gentoo.org/net-misc/tlsdate/tlsdate-0.0.4-r2.ebuild?rev=1.1
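
The uid-based firewall policy argued for in the reply to comment #2, as an added example that is not part of the bug report or the Gentoo tree: a shell function that emits an `iptables-restore` fragment scoping egress rules to the dedicated account. The function name `egress_rules_for`, the chain name `EGRESS_<user>`, and the choice of TCP port 443 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: per-account egress policy using the iptables "owner" match.
# Assumptions (not from the bug report): the daemon only needs outbound
# TCP to one port (443 here), and everything else from that uid is rejected.

# Print an iptables-restore fragment for the filter table.
#   $1 = account the daemon drops privileges to (e.g. tlsdate)
#   $2 = destination TCP port it is allowed to reach
egress_rules_for() {
    svc_user=$1
    port=$2

    # A shared account such as "nobody" would apply the policy to every
    # program running under it, which is the problem raised in this bug.
    # Also reject names that could smuggle extra text into the ruleset.
    case "$svc_user" in
        nobody|root|''|*[!a-z0-9_-]*)
            echo "refusing shared, empty or malformed account: '$svc_user'" >&2
            return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*)
            echo "port must be numeric: '$port'" >&2
            return 1 ;;
    esac

    chain="EGRESS_$svc_user"   # hypothetical chain name
    cat <<EOF
*filter
:$chain - [0:0]
-A OUTPUT -m owner --uid-owner $svc_user -j $chain
-A $chain -p tcp --dport $port -j ACCEPT
-A $chain -j REJECT
COMMIT
EOF
}

# Review the output first, then load it as root without flushing the
# existing rules:
#   egress_rules_for tlsdate 443 | iptables-restore --noflush
# Re-running appends the OUTPUT jump again, so load it once per boot.
```

Because the jump into the per-account chain matches on uid, the same fragment works under a default-accept OUTPUT policy (confining the account) or a default-drop one (opening a hole for that account only).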