Overriding gitdaemon_flags in /etc/rc.conf.local will cause rc.d to run git-daemon as root instead of the expected _gitdaemon user.
To reproduce, try an rc.conf.local line such as:

    gitdaemon_flags=--listen=127.0.0.1 /git

This happens because the rc script currently depends on git-daemon itself to switch the user ID, rather than using rc.d's built-in mechanism which forces a UID with su(1). If the user overrides the flags, no UID switch will happen.

Anyone exposing git-daemon to the public internet on an OpenBSD system should check their system. This line in rc.conf.local will force the daemon to run under its dedicated user account:

    gitdaemon_user=_gitdaemon

Note that git-daemon does not support any of the standard exploit mitigation measures regular OpenBSD daemons provide; there is not even support for chroot(8).

Fix for the port:

diff 64e903a627aaf6f20b8adcb3028f2aad79137a9e /usr/ports blob - c5ddeb706f54602a8c1648ec1825eaf8cb1f99ba file + devel/git/Makefile --- devel/git/Makefile +++ devel/git/Makefile @@ -5,6 +5,7 @@ COMMENT-svn = GIT - subversion interoperability tools COMMENT-x11 = GIT - graphical tools V = 2.22.0 +REVISION = 0 DISTNAME = git-${V} PKGNAME-main = ${DISTNAME} PKGNAME-svn = git-svn-${V} blob - daf33d41548331295cd05bcb53f075781bce9b90 file + devel/git/pkg/gitdaemon.rc --- devel/git/pkg/gitdaemon.rc +++ devel/git/pkg/gitdaemon.rc @@ -3,7 +3,7 @@ # $OpenBSD: gitdaemon.rc,v 1.3 2018/01/11 19:27:02 rpe Exp $ daemon="${TRUEPREFIX}/bin/git daemon --detach" -daemon_flags="--user=_gitdaemon" +daemon_user="_gitdaemon" . /etc/rc.d/rc.subr
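
Review bot: in the gitdaemon.rc hunk, removing the daemon_flags="--user=_gitdaemon" default leaves nothing in the script that says where the privilege drop now comes from. A one-line comment above daemon_user="_gitdaemon" stating that rc.subr performs the UID switch, and that --user should not be reintroduced through the flags, would help the next person editing this file. It is also worth confirming that an existing rc.conf.local which already passes --user=_gitdaemon in gitdaemon_flags still starts cleanly once the daemon is launched as _gitdaemon rather than as root.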
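
One way to do the configuration check suggested above on a system still using the unpatched rc script, as an added example that is not part of the original message or the port. The function name check_gitdaemon_conf and its output strings are made up here, and it assumes plain name=value lines in rc.conf.local.

```shell
#!/bin/sh
# Added example (not from the port): classify an rc.conf.local for the
# gitdaemon UID issue described above. Assumes the unpatched rc script,
# whose only privilege drop is the default --user=_gitdaemon flag.

check_gitdaemon_conf() {
    flags=
    user=
    have_flags=0
    [ -r "$1" ] || { echo "unreadable: $1"; return 0; }
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                      # drop comments
        case $line in
            gitdaemon_flags=*) flags=${line#*=}; have_flags=1 ;;  # last one wins
            gitdaemon_user=*)  user=${line#*=} ;;
        esac
    done < "$1"
    flags=$(printf '%s' "$flags" | tr -d "\"'")   # strip optional quoting
    user=$(printf '%s' "$user" | tr -d "\"' ")

    if [ -n "$user" ] && [ "$user" != root ]; then
        echo "ok: rc.d forces user $user"
    elif [ "$have_flags" -eq 0 ]; then
        echo "ok: default flags in use"
    elif [ "$flags" = NO ]; then
        echo "ok: daemon disabled"
    else
        case " $flags " in
            *" --user="*) echo "ok: flags carry their own --user" ;;
            *) echo "RISK: flags override drops --user, daemon runs as root" ;;
        esac
    fi
}

# Constructed sample: the override from the report, with no gitdaemon_user line.
sample=$(mktemp)
printf '%s\n' 'gitdaemon_flags=--listen=127.0.0.1 /git' > "$sample"
check_gitdaemon_conf "$sample"
rm -f "$sample"
```

On a live system, pass /etc/rc.conf.local as the argument and also confirm the owner of the running git-daemon process with ps(1).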