- security/tor: Implemented setuid feature

*The user should add tor_setuid=YES to /etc/rc.conf
  to make tor do setuid in runtime after opening the
  externally provided files.

PR:		218587
Submitted by:	xmj
Approved by:	Yuri Victorovich <yuri at rawbw.com> (maintainer)
Approved by:	miwi (mentor)
Differential Revision:	https://reviews.freebsd.org/D11223

security/tor/Makefile

@@ -3,6 +3,7 @@
 
 PORTNAME=	tor
 PORTVERSION=	0.3.0.8
+PORTREVISION=	1
 CATEGORIES=	security net ipv6
 MASTER_SITES=	TOR
 

security/tor/files/tor.in

@@ -21,6 +21,7 @@
 # tor_disable_default_instance (str):	Doesn't run the default instance.
 #			Only valid when tor_instances is used.
 #			Default: NO
+# tor_setuid (str):	Runtime setuid.  Default: NO
 #
 # The instance definition that tor_instances expects:
 # inst_name{:inst_conf:inst_user:inst_group:inst_pidfile:inst_data_dir}
@@ -42,6 +43,7 @@ load_rc_config ${name}
 : ${tor_pidfile="/var/run/tor/tor.pid"}
 : ${tor_datadir="/var/db/tor"}
 : ${tor_disable_default_instance="NO"}
+: ${tor_setuid="NO"}
 
 instance=${slave_instance}
 if [ -n "${instance}" ]; then
@@ -112,6 +114,18 @@ command="%%PREFIX%%/bin/${name}"
 command_args="-f ${tor_conf} --PidFile ${tor_pidfile} --RunAsDaemon 1 --DataDirectory ${tor_datadir}"
 extra_commands="reload"
 
+if [ $tor_setuid = "YES" ]; then
+  if ! grep -q "^User ${tor_user}$" ${tor_conf}; then
+    echo "User ${tor_user}" >> ${tor_conf}
+  fi
+  tor_user="root"
+  tor_group="wheel"
+else
+  if grep -q "^User ${tor_user}$" ${tor_conf}; then
+    sed -i '' -e "s/^User ${tor_user}$//" ${tor_conf}
+  fi
+fi
+
 if ! run_rc_command "$1"; then
   exit_code=1
 fi