Page MenuHomeFreeBSD

net-mgmt/net-snmp: Let snmpd run as a non-root user
ClosedPublic

Authored by markj on Apr 30 2024, 8:26 PM.
Tags
None
Referenced Files
F102989023: D45031.diff
Tue, Nov 19, 1:10 PM
Unknown Object (File)
Sat, Nov 16, 5:13 PM
Unknown Object (File)
Fri, Nov 8, 8:24 AM
Unknown Object (File)
Thu, Nov 7, 6:38 PM
Unknown Object (File)
Wed, Nov 6, 6:40 PM
Unknown Object (File)
Tue, Nov 5, 9:11 AM
Unknown Object (File)
Mon, Oct 28, 10:01 PM
Unknown Object (File)
Mon, Oct 28, 10:01 PM
Subscribers
None

Details

Summary
  • Compile without /dev/kmem access. This requires a small patch which opens libkvm in a dummy mode which uses sysctls to implement most of its interfaces rather than /dev/kmem access. This way we can drop the dependency on /dev/kmem without rewriting existing code.
  • Add a new snmpd user. Configure snmpd to drop privileges once it's finished initialization.
  • Remove the JAIL option. Now that snmpd avoids using /dev/kmem, there's no need to have a special mode for running snmpd in jails.

The patch has been proposed upstream here:
https://sourceforge.net/p/net-snmp/mailman/net-snmp-coders/thread/ZjEwNV5BiTOQ-Adi%40nuc/#msg58766857

It seems to have a positive response, though hasn't been merged yet in
any form. I happy to do the work of reconciling the ports patch with
upstream if/when this lands upstream.

Diff Detail

Repository
R11 FreeBSD ports repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj requested review of this revision.Apr 30 2024, 8:26 PM
markj created this revision.
This revision was not accepted when it landed; it landed in state Needs Review.May 9 2024, 5:04 PM
This revision was automatically updated to reflect the committed changes.