On Sun, 21 Jan 2018 17:59:26 +0100, Björn Ketelaars <[email protected]> wrote:
> diff --git net/sslh/patches/patch-basic_cfg > net/sslh/patches/patch-basic_cfg index b2971871443..bd0f31b1bad 100644 > --- net/sslh/patches/patch-basic_cfg > +++ net/sslh/patches/patch-basic_cfg > @@ -1,6 +1,7 @@ > $OpenBSD: patch-basic_cfg,v 1.4 2016/04/17 09:14:26 landry Exp $ > ---- basic.cfg.orig Fri Feb 5 16:46:47 2016 > -+++ basic.cfg Sat Mar 19 20:28:39 2016 > +Index: basic.cfg > +--- basic.cfg.orig > ++++ basic.cfg > @@ -7,7 +7,7 @@ inetd: false; > numeric: false; > transparent: false; > @@ -8,5 +9,5 @@ $OpenBSD: patch-basic_cfg,v 1.4 2016/04/17 09:14:26 > landry Exp $ -user: "nobody"; > +user: "_sslh"; > pidfile: "/var/run/sslh.pid"; > - > + chroot: "/var/empty";

sslh supports OpenVPN. Our OpenVPN README says (tail -n1 /usr/ports/net/openvpn/pkg/README):

chroot /var/empty

So it's possible that users may run two pieces of software both chrooting to /var/empty.
Can't it be a security 'imperfectness'?

Cheers,
Daniel
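Review bot: the new chroot: "/var/empty"; line in the quoted patch sits directly below pidfile: "/var/run/sslh.pid";, a path that does not exist under /var/empty, so please confirm that sslh writes the pid file before it chroots, or note in the port's documentation that the pid file is unavailable with this default. Also, the inner hunk header stays at @@ -7,7 +7,7 @@ although the hunk's last line changes from a blank line to the chroot line, so check that the line counts still match and that patch-basic_cfg applies cleanly to basic.cfg.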
