authorYixun Lan <dlan@gentoo.org>2020-09-26 23:05:20 +0800
committerYixun Lan <dlan@gentoo.org>2020-09-27 16:14:10 +0800
commit34fde22d157226fb9bae167225265d6724588186 (patch)
tree54a3defc411810115ae0e7fa30dc361dc5ad098d /net-proxy/shadowsocks-libev/files
parentdev-perl/List-MoreUtils: keyword riscv (diff)
net-proxy/shadowsocks-libev: run as non-privilege user
* fix security issue, run as non-root user * use systemd unit files from the package source Bug: https://bugs.gentoo.org/731058 Package-Manager: Portage-3.0.0, Repoman-2.3.23 Signed-off-by: Yixun Lan <dlan@gentoo.org>
Diffstat (limited to 'net-proxy/shadowsocks-libev/files')
-rw-r--r--net-proxy/shadowsocks-libev/files/shadowsocks-libev-local_at.service11
-rw-r--r--net-proxy/shadowsocks-libev/files/shadowsocks-libev-redir_at.service11
-rw-r--r--net-proxy/shadowsocks-libev/files/shadowsocks-libev-server_at.service11
-rw-r--r--net-proxy/shadowsocks-libev/files/shadowsocks-libev-tunnel_at.service11
-rw-r--r--net-proxy/shadowsocks-libev/files/shadowsocks.initd9
5 files changed, 6 insertions, 47 deletions
diff --git a/net-proxy/shadowsocks-libev/files/shadowsocks-libev-local_at.service b/net-proxy/shadowsocks-libev/files/shadowsocks-libev-local_at.service
deleted file mode 100644
index af137178380..00000000000
--- a/net-proxy/shadowsocks-libev/files/shadowsocks-libev-local_at.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=Shadowsocks-Libev Client Service for %I
-After=network.target
-
-[Service]
-Type=simple
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE
-ExecStart=/usr/bin/ss-local -c /etc/shadowsocks-libev/%i.json
-
-[Install]
-WantedBy=multi-user.target
diff --git a/net-proxy/shadowsocks-libev/files/shadowsocks-libev-redir_at.service b/net-proxy/shadowsocks-libev/files/shadowsocks-libev-redir_at.service
deleted file mode 100644
index 1ced8f45440..00000000000
--- a/net-proxy/shadowsocks-libev/files/shadowsocks-libev-redir_at.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=Shadowsocks-Libev Client Service Redir Mode for %I
-After=network.target
-
-[Service]
-Type=simple
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE
-ExecStart=/usr/bin/ss-redir -c /etc/shadowsocks-libev/%i.json
-
-[Install]
-WantedBy=multi-user.target
diff --git a/net-proxy/shadowsocks-libev/files/shadowsocks-libev-server_at.service b/net-proxy/shadowsocks-libev/files/shadowsocks-libev-server_at.service
deleted file mode 100644
index 58d934bdb1d..00000000000
--- a/net-proxy/shadowsocks-libev/files/shadowsocks-libev-server_at.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=Shadowsocks-Libev Server Service for %I
-After=network.target
-
-[Service]
-Type=simple
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE
-ExecStart=/usr/bin/ss-server -c /etc/shadowsocks-libev/%i.json
-
-[Install]
-WantedBy=multi-user.target
diff --git a/net-proxy/shadowsocks-libev/files/shadowsocks-libev-tunnel_at.service b/net-proxy/shadowsocks-libev/files/shadowsocks-libev-tunnel_at.service
deleted file mode 100644
index 24b31d5a1cd..00000000000
--- a/net-proxy/shadowsocks-libev/files/shadowsocks-libev-tunnel_at.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=Shadowsocks-Libev Client Service Tunnel Mode for %I
-After=network.target
-
-[Service]
-Type=simple
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE
-ExecStart=/usr/bin/ss-tunnel -c /etc/shadowsocks-libev/%i.json
-
-[Install]
-WantedBy=multi-user.target
diff --git a/net-proxy/shadowsocks-libev/files/shadowsocks.initd b/net-proxy/shadowsocks-libev/files/shadowsocks.initd
index 2ccd114485b..994ba23e3b8 100644
--- a/net-proxy/shadowsocks-libev/files/shadowsocks.initd
+++ b/net-proxy/shadowsocks-libev/files/shadowsocks.initd
@@ -1,5 +1,5 @@
#!/sbin/openrc-run
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
SS_CONFIG="/etc/shadowsocks-libev/shadowsocks.json"
@@ -49,13 +49,16 @@ start() {
ebegin "Starting Shadowsocks: ${SS_SVCNAME} mode"
start-stop-daemon --start --exec ${SS_COMMAND} \
- -- -c ${SS_CONFIG} -f ${SS_PIDFILE} >/dev/null 2>&1 &
+ --user nobody --group nobody \
+ -- -c ${SS_CONFIG} -f ${SS_PIDFILE} >/dev/null 2>&1 &
eend $?
}
stop() {
ebegin "Stopping Shadowsocks"
- start-stop-daemon --stop --pidfile ${SS_PIDFILE}
+ start-stop-daemon --stop \
+ --user nobody --group nobody \
+ --pidfile ${SS_PIDFILE}
eend $?
}
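Review bot: The shared `nobody` account in `--user nobody --group nobody` (in start() and again in stop()) is a weak isolation boundary: any other daemon running as nobody can signal this process and, depending on the host's ptrace settings, inspect it, and `${SS_CONFIG}`, which holds the proxy secret, now has to be readable by that account. A dedicated service account would be tighter, e.g. `--user shadowsocks --group shadowsocks \` (the name is illustrative; the account would have to be created by the ebuild, which this diff does not show), with the JSON config owned by root and that group at mode 0640. Two things are worth verifying because they are not visible here: that the unprivileged process can still write `${SS_PIDFILE}` passed via `-f`, and that no configured listen port is below 1024. Separately, the trailing `&` on the start line means `eend $?` reports the status of backgrounding the job, not of the daemon start, so a failed privilege drop would still be shown as success; start() begins above the hunk.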