Overriding gitdaemon_flags in /etc/rc.conf.local will cause rc.d to
run git-daemon as root instead of the expected _gitdaemon user.

To reproduce, try an rc.conf.local line such as:
   gitdaemon_flags="--listen=127.0.0.1 /git"

This happens because the rc script currently relies on git-daemon itself
to switch the user ID (the default daemon_flags carry --user=_gitdaemon),
rather than on rc.d's built-in daemon_user mechanism, which switches UID
with su(1) before exec. If the user overrides the flags, the default
--user flag is lost and no UID switch happens at all.

Anyone exposing git-daemon to the public internet on an OpenBSD system
should check their system. This line in rc.conf.local will force the
daemon to run under its dedicated user account:
   gitdaemon_user=_gitdaemon
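As an added example (not code from this post or from the OpenBSD port), a
small sh script that applies the check above to an rc.conf.local: it flags a
file that overrides gitdaemon_flags without either keeping --user=... in the
override or setting gitdaemon_user, which is the condition under which the
unpatched rc script starts git daemon as root. The helper names and the
sample configurations are constructed for the demonstration; the live check
at the end uses pgrep(1) and is not run here.

```shell
#!/bin/sh
# Added example (not part of the OpenBSD git port): audit an rc.conf.local
# for the gitdaemon_flags override described above.  The file names and the
# sample configurations below are constructed for the demonstration.

# Print the last value assigned to variable $2 in rc.conf-style file $1,
# with surrounding quotes removed.  The last assignment wins, as it does
# when rc(8) sources the file.
rcconf_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# Succeed if variable $2 is assigned anywhere in $1 (even to an empty string).
rcconf_has() {
    grep -Eq "^[[:space:]]*$2=" "$1"
}

# Succeed (exit 0) when FILE would make the unpatched rc script start
# git daemon as root: gitdaemon_flags is overridden, the override no longer
# carries --user=..., and gitdaemon_user is not set to make rc.d switch
# UID with su(1) itself.
gitdaemon_runs_as_root() {
    rcconf_has "$1" gitdaemon_flags || return 1   # default flags keep --user=_gitdaemon
    _flags=$(rcconf_value "$1" gitdaemon_flags)
    [ "$_flags" = NO ] && return 1                # daemon disabled outright
    rcconf_has "$1" gitdaemon_user && return 1    # rc.d will su(1) before exec
    case $_flags in
        *--user=*) return 1 ;;                    # git daemon drops privileges itself
    esac
    return 0
}

# Live check for a running host (not exercised here): any "git daemon"
# process owned by root is the symptom this post describes.
gitdaemon_running_as_root() {
    pgrep -u root -f 'git daemon' >/dev/null
}

# Constructed sample configurations.
DEMO_DIR=$(mktemp -d)
DEMO_BAD=$DEMO_DIR/bad.conf            # flags overridden, no gitdaemon_user: root
DEMO_SAFE=$DEMO_DIR/safe.conf          # flags overridden, gitdaemon_user set
DEMO_DEFAULT=$DEMO_DIR/default.conf    # no override: default --user=_gitdaemon applies

cat >"$DEMO_BAD" <<'EOF'
pkg_scripts=gitdaemon
gitdaemon_flags="--listen=127.0.0.1 /git"
EOF

cat >"$DEMO_SAFE" <<'EOF'
pkg_scripts=gitdaemon
gitdaemon_flags="--listen=127.0.0.1 /git"
gitdaemon_user=_gitdaemon
EOF

cat >"$DEMO_DEFAULT" <<'EOF'
pkg_scripts=gitdaemon
EOF

for f in "$DEMO_BAD" "$DEMO_SAFE" "$DEMO_DEFAULT"; do
    if gitdaemon_runs_as_root "$f"; then
        echo "$f: git daemon would run as root; set gitdaemon_user=_gitdaemon"
    else
        echo "$f: ok"
    fi
done
```

On a real host, point gitdaemon_runs_as_root at /etc/rc.conf.local and,
independently, run gitdaemon_running_as_root: the file check tells you
what the next boot will do, the process check tells you what is running now.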

Note that git-daemon does not support any of the standard exploit
mitigation measures regular OpenBSD daemons provide; there is not
even support for chroot(8).

Fix for the port:

diff 64e903a627aaf6f20b8adcb3028f2aad79137a9e /usr/ports
blob - c5ddeb706f54602a8c1648ec1825eaf8cb1f99ba
file + devel/git/Makefile
--- devel/git/Makefile
+++ devel/git/Makefile
@@ -5,6 +5,7 @@ COMMENT-svn =   GIT - subversion interoperability tools
 COMMENT-x11 =  GIT - graphical tools
 
 V =            2.22.0
+REVISION =     0
 DISTNAME =     git-${V}
 PKGNAME-main = ${DISTNAME}
 PKGNAME-svn =  git-svn-${V}
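Review bot: the REVISION = 0 bump is required here rather than optional, since the only functional change is to pkg/gitdaemon.rc, which ships inside the package and reaches existing installs only through a package update; nothing else in this hunk needs attention.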
blob - daf33d41548331295cd05bcb53f075781bce9b90
file + devel/git/pkg/gitdaemon.rc
--- devel/git/pkg/gitdaemon.rc
+++ devel/git/pkg/gitdaemon.rc
@@ -3,7 +3,7 @@
 # $OpenBSD: gitdaemon.rc,v 1.3 2018/01/11 19:27:02 rpe Exp $
 
 daemon="${TRUEPREFIX}/bin/git daemon --detach"
-daemon_flags="--user=_gitdaemon"
+daemon_user="_gitdaemon"
 
 . /etc/rc.d/rc.subr
 
