On Sun, 21 Jan 2018 17:59:26 +0100, Björn Ketelaars
<bjorn.ketelaars@hydroxide.nl> wrote:
> diff --git net/sslh/patches/patch-basic_cfg
> net/sslh/patches/patch-basic_cfg index b2971871443..bd0f31b1bad 100644
> --- net/sslh/patches/patch-basic_cfg
> +++ net/sslh/patches/patch-basic_cfg
> @@ -1,6 +1,7 @@
> $OpenBSD: patch-basic_cfg,v 1.4 2016/04/17 09:14:26 landry Exp $
> ---- basic.cfg.orig Fri Feb 5 16:46:47 2016
> -+++ basic.cfg Sat Mar 19 20:28:39 2016
> +Index: basic.cfg
> +--- basic.cfg.orig
> ++++ basic.cfg
> @@ -7,7 +7,7 @@ inetd: false;
> numeric: false;
> transparent: false;
> @@ -8,5 +9,5 @@ $OpenBSD: patch-basic_cfg,v 1.4 2016/04/17 09:14:26
> landry Exp $ -user: "nobody";
> +user: "_sslh";
> pidfile: "/var/run/sslh.pid";
> -
> + chroot: "/var/empty";
sslh supports OpenVPN. Our OpenVPN README says
(tail -n1 /usr/ports/net/openvpn/pkg/README):
chroot /var/empty
So it's possible that users may run two software both
chrooting /var/empty. Can't it be a security 'imperfectness'?
Cheers,
Daniel
No comments:
Post a Comment