-Patch SECURITY doc to include note about bypassing rsync argument checking with popt (from upstream) and tell people to read it

-Drop long comment describing knobs - it just duplicates OPTIONS -For SCPONLY_DEFAULT_CHDIR, print a note about setting it. I'm not sure if post-patch is the best place for this, though? -Drop dead site and just use Sourceforge -Use the PORTDOCS variable -Install some useful docs and drop useless one (TODO) -Drop pre-everything message about defaults changing; that was 5 years ago -LOCALBASE vs. PREFIX correction -Add post-install messages to the plist so package users see them too PR: ports/153115 Submitted by: Rob Farmer <rfarmer@predatorlabs.net> (maintainer)
svn path=/head/; revision=266327
2025-05-25 07:26:29 -04:00 · 2010-12-15 07:12:02 +00:00 · 2010-12-15 07:12:02 +00:00 · f08bff30cb · 2021-03-31 03:12:20 +00:00
commit f08bff30cb
parent 6cddd349b0
3 changed files with 56 additions and 81 deletions
--- a/shells/scponly/Makefile
+++ b/shells/scponly/Makefile
@ -5,76 +5,11 @@
 # $FreeBSD$
 #

-# There are many knobs to tune scponly towards your specific wishes
-# and preferences.
-# You can activate a knob by typing something like
-# "make -DKNOB" or "make KNOB=yes" instead of just "make"
-#
-# A description of the several possibilities is available here:
-#
-#
-# Core funcionality:
-#
-# SCPONLY_DEFAULT_CHDIR=DIR
-# default: undefined
-# example: public_html
-# define if you want to make users `cd' to this directory after authentication
-#
-# WITHOUT_SCPONLY_WILDCARDS
-# default: undefined
-# define if you want to disable wildcard processing.
-#
-# WITHOUT_SCPONLY_GFTP
-# default: undefined
-# define if you want to disable gftp compatibility.
-#
-# WITH_SCPONLY_CHROOT
-# default: undefined
-# define if you want to use chroot functionality (set UID to root).
-#
-# WITH_SCPONLY_RSYNC
-# default: undefined
-# define if you want to enable rsync compatibility.
-#
-# WITH_SCPONLY_SCP
-# default: undefined
-# define if you want to enable vanilla scp compatibility.
-#
-# WITH_SCPONLY_SFTP_LOGGING
-# default: undefined
-# define if you want to enable sftp logging compatibility.
-#
-# WITH_SCPONLY_SVN
-# default: undefined
-# define if you want to enable subversion compatibility.
-#
-# WITH_SCPONLY_SVNSERVE
-# default: undefined
-# define if you want to enable subversion compatibility with svn+ssh://
-#
-# WITH_SCPONLY_UNISON
-# default: undefined
-# define if you want to enable unison compatibility.
-#
-# WITH_SCPONLY_WINSCP
-# default: undefined
-# define if you want to enable WinSCP compatibility.
-#
-#
-# Additional knobs:
-#
-# NOPORTDOCS
-# default: undefined
-# This knob prevents the ports system from installing additional
-# documentation. If you define this, only the manpage is going
-# to be installed.
-
 PORTNAME=	scponly
 PORTVERSION=	4.8
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	shells security
-MASTER_SITES=	http://www.sublimation.org/scponly/ \
-		SF/${PORTNAME}/${PORTNAME}/${PORTNAME}-${PORTVERSION}
+MASTER_SITES=	SF/${PORTNAME}/${PORTNAME}/${PORTNAME}-${PORTVERSION}
 EXTRACT_SUFX=	.tgz

 MAINTAINER=	rfarmer@predatorlabs.net
@ -82,6 +17,8 @@ COMMENT=	A tiny shell that only permits scp and sftp

 MAN8=		scponly.8

+PORTDOCS=	BUILDING-JAILS.TXT INSTALL README SECURITY
+
 GNU_CONFIGURE=	yes

 OPTIONS=	SCPONLY_WILDCARDS "wildcards processing" on \
@ -153,14 +90,10 @@ CONFIGURE_ARGS+=--enable-unison-compat
 CONFIGURE_ARGS+=--enable-winscp-compat
 .endif

-pre-everything::
-	@${ECHO_MSG} "From scponly 4.2, scp & WinSCP compatibilities are not"
-	@${ECHO_MSG} "enabled by default.  To enable those compatibilities,"
-	@${ECHO_MSG} "define WITH_SCPONLY_SCP and/or WITH_SCPONLY_WINSCP,"
-	@${ECHO_MSG} "respectively."
-	@${ECHO_MSG} ""
-	@${ECHO_MSG} "You can enable chroot functionality by defining WITH_SCPONLY_CHROOT."
-	@${ECHO_MSG} ""
+post-patch:
+	@${ECHO_MSG} "In addition to knobs available from the OPTIONS dialog,"
+	@${ECHO_MSG} "you may set SCPONLY_DEFAULT_CHDIR to make users 'cd' to"
+	@${ECHO_MSG} "this directory after authentication."

 post-install:
 	@${ECHO_MSG} "Updating /etc/shells"
@ -180,14 +113,19 @@ post-install:
 	@${ECHO_MSG} "To setup chroot cage, run the following commands:"
 	@${ECHO_MSG} "  1) cd ${EXAMPLESDIR}/ && ${SH} setup_chroot.sh"
 	@${ECHO_MSG} "  2) Set scponlyc_enable=\"YES\" in /etc/rc.conf"
-	@${ECHO_MSG} "  3) Run ${LOCALBASE}/etc/rc.d/scponly start"
+	@${ECHO_MSG} "  3) Run ${PREFIX}/etc/rc.d/scponly start"
 	@${ECHO_MSG} ""
 .endif
 .if !defined(NOPORTDOCS)
 	@${MKDIR} ${DOCSDIR}
-.for i in README INSTALL TODO
+.for i in ${PORTDOCS}
 	@${INSTALL_DATA} ${WRKSRC}/$i ${DOCSDIR}
 .endfor
+	@${ECHO_MSG} ""
+	@${ECHO_MSG} "For information on several potential security concerns,"
+	@${ECHO_MSG} "please read:"
+	@${ECHO_MSG} "${DOCSDIR}/SECURITY"
+	@${ECHO_MSG} ""
 .endif

 .include <bsd.port.post.mk>
--- a/shells/scponly/files/patch-SECURITY
+++ b/shells/scponly/files/patch-SECURITY
@ -0,0 +1,32 @@
+--- SECURITY.orig	2010-12-10 15:03:24.950162769 -0800
+++ SECURITY	2010-12-10 15:03:31.669374009 -0800
+@@ -28,6 +28,10 @@
+ 
+ 	  svn, svnserve, rsync, and unison
+ 
+	  Note specifically that rsync uses popt for parsing command line arguments
+	  and popt explicitly checks /etc/popt and $HOME/.popt for aliases. Thus,
+	  users can likely bypass argument checking for rsync.
+
+ 4) Make sure that all files required for the chroot have the IMMUTABLE and
+    UNDELETABLE bits set.  Other bits might also be prudent. See: man 1 chattr.
+ 
+@@ -39,13 +43,16 @@
+    ~/.ssh, ~/.unison, ~/.subversion
+ 
+    NOTE: depending on file permissions in the above, ssh, unison, and
+-   subversion may not work correctly.
+   subversion may not work correctly.  Also note that the location of the
+   above directories is sometimes system dependent, so please check the
+   documentation specific to your system.
+ 
+ 7) Make sure that every directory the users have write permissions to are
+    on a filesystem that is mounted NODEV, NOEXEC.  Eg. Make sure that they
+    cannot execute files that they have permissions to upload.  They should
+    also not need permissions to create any devices.  If the user can't execute
+-   any files that he has access to upload, then you need not worry about the
+   any files that he has access to upload and the executable files on the
+   system are not considered harmful, then you need not worry about the
+    security problems referencing svn/svnserve above!
+ 
+ 8) Monitor your logs!  If you start to see something funny, odd, or strange in
--- a/shells/scponly/pkg-plist
+++ b/shells/scponly/pkg-plist
@ -1,15 +1,20 @@
 bin/scponly
@exec echo "Updating /etc/shells"; cp /etc/shells /etc/shells.bak; (grep -v %D/%F /etc/shells.bak; echo %D/%F) >/etc/shells; rm -f /etc/shells.bak
@unexec echo "Updating /etc/shells"; cp /etc/shells /etc/shells.bak; (grep -v %D/%F /etc/shells.bak) >/etc/shells; rm -f /etc/shells.bak
+%%SCPONLY_CHROOT%%@exec echo ""
+%%SCPONLY_CHROOT%%@exec echo "To setup chroot cage, run the following commands:"
+%%SCPONLY_CHROOT%%@exec echo "  1) cd %%PREFIX%%/%%EXAMPLESDIR%%/ && /bin/sh setup_chroot.sh"
+%%SCPONLY_CHROOT%%@exec echo "  2) Set scponlyc_enable=\"YES\" in /etc/rc.conf"
+%%SCPONLY_CHROOT%%@exec echo "  3) Run %%PREFIX%%/etc/rc.d/scponly start"
+%%PORTDOCS%%@exec echo ""
+%%PORTDOCS%%@exec echo "For information on several potential security concerns,"
+%%PORTDOCS%%@exec echo "please read:"
+%%PORTDOCS%%@exec echo "%%PREFIX%%/%%DOCSDIR%%/SECURITY"
 %%SCPONLY_CHROOT%%sbin/scponlyc
 %%SCPONLY_CHROOT%%@exec cp /etc/shells /etc/shells.bak; (grep -v %D/%F /etc/shells.bak; echo %D/%F) >/etc/shells; rm -f /etc/shells.bak
 %%SCPONLY_CHROOT%%@unexec cp /etc/shells /etc/shells.bak; (grep -v %D/%F /etc/shells.bak) >/etc/shells; rm -f /etc/shells.bak
 %%SCPONLY_CHROOT%%%%EXAMPLESDIR%%/setup_chroot.sh
 %%SCPONLY_CHROOT%%%%EXAMPLESDIR%%/config.h
 etc/scponly/debuglevel
-%%PORTDOCS%%%%DOCSDIR%%/README
-%%PORTDOCS%%%%DOCSDIR%%/INSTALL
-%%PORTDOCS%%%%DOCSDIR%%/TODO
@dirrm etc/scponly
-%%PORTDOCS%%@dirrm %%DOCSDIR%%
 %%SCPONLY_CHROOT%%@dirrm %%EXAMPLESDIR%%