If started as root, dictd(8) drops privileges to the nonexistent "dictd" user or, failing that, to "nobody", in that order.
Recycle an old ID from 2016 as new "_dictd". Provide an rc script so I can 'rcctl enable dictd' instead of running it as my own user. This way we can make the service listen on localhost instead of the wildcard address by default, which I consider a saner default. It won't start until you provide /etc/dictd.conf, but that's fine. The port ships a manual and examples. Feedback? Objection? OK?
Index: infrastructure/db/user.list
===================================================================
RCS file: /cvs/ports/infrastructure/db/user.list,v
diff -u -p -r1.430 user.list
--- infrastructure/db/user.list 15 Aug 2023 15:54:30 -0000 1.430
+++ infrastructure/db/user.list 22 Oct 2023 00:27:24 -0000
@@ -30,7 +30,7 @@ id user group port
 519 _news _news news/leafnode
 520 _majordomo _majordomo mail/majordomo
 521 _exim _exim mail/exim
-#522 _xcept _xcept comms/xcept
+522 _dictd _dictd net/dictd,-server
 523 _ffproxy _ffproxy www/ffproxy
 #524 _mail mail/openwebmail
 525 _quagga _quagga net/quagga
Index: net/dictd/Makefile
===================================================================
RCS file: /cvs/ports/net/dictd/Makefile,v
diff -u -p -r1.17 Makefile
--- net/dictd/Makefile 26 Oct 2023 16:49:27 -0000 1.17
+++ net/dictd/Makefile 26 Oct 2023 19:35:35 -0000
@@ -4,12 +4,20 @@ COMMENT-server= Dictionary Server Protoc
 V= 1.13.1
 DISTNAME= dictd-$V
+# for dictd.rc pexp
+V_REGEX= ${V:S/./\./g}
+SUBST_VARS= V_REGEX
+
 PKGNAME-main= dictd-client-$V
 PKGNAME-server= dictd-server-$V
+REVISION-main=0
+REVISION-server=0
 CATEGORIES= net education
 HOMEPAGE= https://www.dict.org
+
+MAINTAINER= Klemens Nanni <k...@openbsd.org>
 # GPL v2
 PERMIT_PACKAGE= Yes
Index: net/dictd/patches/patch-dictd_c
===================================================================
RCS file: net/dictd/patches/patch-dictd_c
diff -N net/dictd/patches/patch-dictd_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ net/dictd/patches/patch-dictd_c 26 Oct 2023 19:34:14 -0000
@@ -0,0 +1,17 @@
+use dedicated _dictd user/group
+
+Index: dictd.c
+--- dictd.c.orig
++++ dictd.c
+@@ -1269,9 +1272,9 @@ static void release_root_privileges( void )
+ if (geteuid() == 0) {
+ struct passwd *pwd;
+
+- if ((pwd = getpwnam("dictd"))) {
++ if ((pwd = getpwnam("_dictd"))) {
+ setgid(pwd->pw_gid);
+- initgroups("dictd",pwd->pw_gid);
++ initgroups("_dictd",pwd->pw_gid);
+ setuid(pwd->pw_uid);
+ } else if ((pwd = getpwnam("nobody"))) {
+ setgid(pwd->pw_gid);
Index: net/dictd/pkg/PLIST-server
===================================================================
RCS file: /cvs/ports/net/dictd/pkg/PLIST-server,v
diff -u -p -r1.3 PLIST-server
--- net/dictd/pkg/PLIST-server 26 Oct 2023 16:49:27 -0000 1.3
+++ net/dictd/pkg/PLIST-server 26 Oct 2023 19:25:08 -0000
@@ -1,3 +1,6 @@
+@newgroup _dictd:522
+@newuser _dictd:522:_dictd::dictd Account:/nonexistent:/sbin/nologin
+@rcscript ${RCDIR}/dictd
 bin/colorit
 bin/dictdplugin-config
 @bin bin/dictfmt
Index: net/dictd/pkg/dictd.rc
===================================================================
RCS file: net/dictd/pkg/dictd.rc
diff -N net/dictd/pkg/dictd.rc
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ net/dictd/pkg/dictd.rc 26 Oct 2023 16:59:24 -0000
@@ -0,0 +1,10 @@
+#!/bin/ksh
+
+daemon="/usr/local/sbin/dictd"
+daemon_args="--listen-to localhost"
+
+. /etc/rc.d/rc.subr
+
+pexp="${daemon##*/} ${V_REGEX}: [0-9]+/[0-9]+"
+
+rc_cmd $1
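Review bot: In the dictd.c hunk carried by patch-dictd_c, the return values of `setgid()`, `initgroups()` and `setuid()` are ignored on the `_dictd` branch (and on the visible start of the `nobody` branch), so a failed call would leave the daemon running with whatever root credentials it still holds. Since the patch already touches these lines, the drop could be made fail-closed, e.g. `if (setgid(pwd->pw_gid) != 0 || initgroups("_dictd", pwd->pw_gid) != 0 || setuid(pwd->pw_uid) != 0) exit(1);`, reported through whatever error routine dictd.c already uses. With a dedicated account now created by the package, the silent fallback to the shared `nobody` account may also be worth dropping or at least logging, because it hides a missing `_dictd` user. release_root_privileges() continues past the end of the hunk, so what happens when neither account exists is not visible here.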
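Review bot: dictd.rc sets no `daemon_user`, so as far as this script shows dictd is started as root and the switch to `_dictd` happens only inside dictd.c's release_root_privileges(). If dictd needs nothing root-only at startup (not visible in this diff; a pid file or log path could require it), `daemon_user="_dictd"` would remove the reliance on the in-process drop. Otherwise a one-line comment such as `# started as root; dictd itself drops to _dictd` would record that dependency for the next maintainer.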