Hello,

I've made the changes that you requested and attached the updated version.

I'm not knowledgeable enough to comment on whether a new user should be
created for this port. Though I do feel that with pledge it is "secure
enough" even when run as root, considering that after parsing the config
files, only "stdio inet dns" are allowed. File access is completely
revoked. So even when run as root, if it is somehow exploited to run
arbitrary bytecode, which is quite unlikely since it is written in Golang,
the damage it can do is very minimal.

Thanks,
Wind

On 4/12/22 15:16, Stuart Henderson wrote:
> Please use modules.inc for the MODGO_* mess and add a "# uses pledge()"
> comment near WANTLIB
>
> s/Wireguard/WireGuard/
>
> I'm in two minds as to whether it should run as root or not. Looks like
> it doesn't need to? OTOH we are creeping closer to uid 1000 in ports
> (and some people work backwards from there for locally added daemons)
> and with the pledge it might not help all that much.
>
>
> On 2022/04/12 13:17, octeep wrote:
>> Hi all,
>>
>> I've attached a new port for wireproxy intended for it to be imported
>> after port unlock.
>>
>> wireproxy is a wireguard client that exposes itself as a socks5 proxy or
>> tunnels. It is a completely userspace application that connects to a
>> wireguard peer, and exposes a socks5 proxy or tunnels on the machine.
>> This can be useful if you need to connect to certain sites via a
>> wireguard peer, but can't be bothered to set up a new network interface
>> for whatever reasons.
>>
>>
>> Any opinions?
>>
>> Thanks,
>>
>> octeep
>