Page MenuHomeFreeBSD

net-mgmt/net-snmp: Let snmpd run as a non-root user
ClosedPublic

Authored by markj on Apr 30 2024, 8:26 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Dec 6, 1:05 AM
Unknown Object (File)
Tue, Dec 3, 1:22 AM
Unknown Object (File)
Sun, Dec 1, 10:38 PM
Unknown Object (File)
Sat, Nov 30, 8:33 PM
Unknown Object (File)
Mon, Nov 25, 9:12 AM
Unknown Object (File)
Sun, Nov 24, 7:37 PM
Unknown Object (File)
Wed, Nov 20, 4:18 PM
Unknown Object (File)
Wed, Nov 20, 1:13 AM
Subscribers
None

Details

Summary
  • Compile without /dev/kmem access. This requires a small patch which opens libkvm in a dummy mode which uses sysctls to implement most of its interfaces rather than /dev/kmem access. This way we can drop the dependency on /dev/kmem without rewriting existing code.
  • Add a new snmpd user. Configure snmpd to drop privileges once it's finished initialization.
  • Remove the JAIL option. Now that snmpd avoids using /dev/kmem, there's no need to have a special mode for running snmpd in jails.

The patch has been proposed upstream here:
https://sourceforge.net/p/net-snmp/mailman/net-snmp-coders/thread/ZjEwNV5BiTOQ-Adi%40nuc/#msg58766857

It seems to have a positive response, though hasn't been merged yet in
any form. I happy to do the work of reconciling the ports patch with
upstream if/when this lands upstream.

Diff Detail

Repository
R11 FreeBSD ports repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj requested review of this revision.Apr 30 2024, 8:26 PM
markj created this revision.
This revision was not accepted when it landed; it landed in state Needs Review.May 9 2024, 5:04 PM
This revision was automatically updated to reflect the committed changes.