Fri Jun 28 17:01:31 2019 UTC ()
bind*: Remove privileges from SMF method script.

This inadvertently opened up the named process to more privileges than
necessary and could be considered a security risk.  This may affect chroot
support, adding back in support for that will need to be done carefully.

Bump PKGREVISIONs.


(jperkin)
diff -r1.10 -r1.11 pkgsrc/net/bind911/Makefile
diff -r1.3 -r1.4 pkgsrc/net/bind911/files/smf/named.sh
diff -r1.12 -r1.13 pkgsrc/net/bind912/Makefile
diff -r1.3 -r1.4 pkgsrc/net/bind912/files/smf/named.sh
diff -r1.6 -r1.7 pkgsrc/net/bind914/Makefile
diff -r1.2 -r1.3 pkgsrc/net/bind914/files/smf/named.sh
cvs diff -r1.10 -r1.11 pkgsrc/net/bind911/Attic/Makefile (expand / switch to context diff)
--- pkgsrc/net/bind911/Attic/Makefile 2019/06/20 02:13:58 1.10
+++ pkgsrc/net/bind911/Attic/Makefile 2019/06/28 17:01:30 1.11
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.10 2019/06/20 02:13:58 taca Exp $
+# $NetBSD: Makefile,v 1.11 2019/06/28 17:01:30 jperkin Exp $
 
 DISTNAME=	bind-${BIND_VERSION}
 PKGNAME=	${DISTNAME:S/-P/pl/}
+PKGREVISION=	1
 CATEGORIES=	net
 MASTER_SITES=	ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/
cvs diff -r1.3 -r1.4 pkgsrc/net/bind911/files/smf/Attic/named.sh (expand / switch to context diff)
--- pkgsrc/net/bind911/files/smf/Attic/named.sh 2019/06/19 10:58:48 1.3
+++ pkgsrc/net/bind911/files/smf/Attic/named.sh 2019/06/28 17:01:30 1.4
@@ -239,7 +239,7 @@
     if [ ${result} = ${SMF_EXIT_OK} ]; then
 	echo "$I: Executing: ${server} ${cmdopts}"
 	# Execute named(1M) with relevant command line options.
-	ppriv -s A-all -s A+basic,net_privaddr,file_dac_read,file_dac_search,sys_resource,proc_chroot,proc_setid -e ${server} ${cmdopts}
+	${server} ${cmdopts}
 	result=$?
     fi
     ;;
cvs diff -r1.12 -r1.13 pkgsrc/net/bind912/Attic/Makefile (expand / switch to context diff)
--- pkgsrc/net/bind912/Attic/Makefile 2019/06/20 02:15:20 1.12
+++ pkgsrc/net/bind912/Attic/Makefile 2019/06/28 17:01:30 1.13
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.12 2019/06/20 02:15:20 taca Exp $
+# $NetBSD: Makefile,v 1.13 2019/06/28 17:01:30 jperkin Exp $
 
 DISTNAME=	bind-${BIND_VERSION}
 PKGNAME=	${DISTNAME:S/-P/pl/}
+PKGREVISION=	1
 CATEGORIES=	net
 MASTER_SITES=	ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/
cvs diff -r1.3 -r1.4 pkgsrc/net/bind912/files/smf/Attic/named.sh (expand / switch to context diff)
--- pkgsrc/net/bind912/files/smf/Attic/named.sh 2019/06/19 10:58:49 1.3
+++ pkgsrc/net/bind912/files/smf/Attic/named.sh 2019/06/28 17:01:30 1.4
@@ -239,7 +239,7 @@
     if [ ${result} = ${SMF_EXIT_OK} ]; then
 	echo "$I: Executing: ${server} ${cmdopts}"
 	# Execute named(1M) with relevant command line options.
-	ppriv -s A-all -s A+basic,net_privaddr,file_dac_read,file_dac_search,sys_resource,proc_chroot,proc_setid -e ${server} ${cmdopts}
+	${server} ${cmdopts}
 	result=$?
     fi
     ;;
cvs diff -r1.6 -r1.7 pkgsrc/net/bind914/Attic/Makefile (expand / switch to context diff)
--- pkgsrc/net/bind914/Attic/Makefile 2019/06/20 02:16:53 1.6
+++ pkgsrc/net/bind914/Attic/Makefile 2019/06/28 17:01:30 1.7
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.6 2019/06/20 02:16:53 taca Exp $
+# $NetBSD: Makefile,v 1.7 2019/06/28 17:01:30 jperkin Exp $
 
 DISTNAME=	bind-${BIND_VERSION}
 PKGNAME=	${DISTNAME:S/-P/pl/}
+PKGREVISION=	1
 CATEGORIES=	net
 MASTER_SITES=	ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/
cvs diff -r1.2 -r1.3 pkgsrc/net/bind914/files/smf/Attic/named.sh (expand / switch to context diff)
--- pkgsrc/net/bind914/files/smf/Attic/named.sh 2019/06/19 10:58:49 1.2
+++ pkgsrc/net/bind914/files/smf/Attic/named.sh 2019/06/28 17:01:30 1.3
@@ -239,7 +239,7 @@
     if [ ${result} = ${SMF_EXIT_OK} ]; then
 	echo "$I: Executing: ${server} ${cmdopts}"
 	# Execute named(1M) with relevant command line options.
-	ppriv -s A-all -s A+basic,net_privaddr,file_dac_read,file_dac_search,sys_resource,proc_chroot,proc_setid -e ${server} ${cmdopts}
+	${server} ${cmdopts}
 	result=$?
     fi
     ;;