FreshPorts -- security/py-privleap: Limited Privilege Escalation Framework

Port details

py-privleap Limited Privilege Escalation Framework

5.7.1_1 security =0 Package not present on quarterly.This port was created during this quarter. It will be in the next quarterly branch but not the current one.

Maintainer: dtxdf@FreeBSD.org

Port Added: 2026-05-25 17:51:14

Last Update: 2026-05-25 22:58:27

Commit Hash: d364dde

Also Listed In: python

License: AGPLv3

WWW:

https://www.kicksecure.com/wiki/Privleap

Description:

privleap is a privilege escalation framework similar in purpose to sudo and doas, but very different conceptually. It is designed to allow user-level applications to run very specific operations as root without allowing full root control of the machine. Unlike directly executable privilege escalation frameworks like sudo, privleap runs as a background service that listens for signals from other applications. Each signal can request a particular, pre-configured action to be taken. Signals are authenticated, and each action is taken only if the signal passes authentication. Any console output from the action is then returned to the caller. This system allows privleap to function without being SUID-root, and avoids a lot of the potential pitfalls of sudo, doas, run0, etc.

¦ ¦ ¦ ¦

Manual pages:

pkg-plist: as obtained via: make generate-plist

Expand this list (33 items)

Collapse this list.

/usr/local/share/licenses/py313-privleap-5.7.1_1/catalog.mk
/usr/local/share/licenses/py313-privleap-5.7.1_1/LICENSE
/usr/local/share/licenses/py313-privleap-5.7.1_1/AGPLv3
bin/leapctl
bin/leaprun
bin/privleapd
etc/pam.d/privleapd
etc/privleap/conf.d/privleap.conf
lib/python3.13/site-packages/privleap/__init__.py
lib/python3.13/site-packages/privleap/__pycache__/__init__.cpython-313.opt-2.pyc
lib/python3.13/site-packages/privleap/__pycache__/leapctl.cpython-313.opt-2.pyc
lib/python3.13/site-packages/privleap/__pycache__/leaprun.cpython-313.opt-2.pyc
lib/python3.13/site-packages/privleap/__pycache__/privleap.cpython-313.opt-2.pyc
lib/python3.13/site-packages/privleap/__pycache__/privleapd.cpython-313.opt-2.pyc
lib/python3.13/site-packages/privleap/leapctl.py
lib/python3.13/site-packages/privleap/leaprun.py
lib/python3.13/site-packages/privleap/privleap.py
lib/python3.13/site-packages/privleap/privleapd.py
lib/python3.13/site-packages/privleap/tests/__init__.py
lib/python3.13/site-packages/privleap/tests/__pycache__/__init__.cpython-313.opt-2.pyc
lib/python3.13/site-packages/privleap/tests/__pycache__/run_test.cpython-313.opt-2.pyc
lib/python3.13/site-packages/privleap/tests/__pycache__/run_test_util.cpython-313.opt-2.pyc
lib/python3.13/site-packages/privleap/tests/run_test.py
lib/python3.13/site-packages/privleap/tests/run_test_util.py
libexec/privleap/shim.py
libexec/privleap/pam_create_socket.sh
share/man/man1/privleapd.1.gz
share/man/man5/privleap.conf.d.5.gz
share/man/man8/leapctl.8.gz
share/man/man8/leaprun.8.gz
@owner
@group
@mode

Collapse this list.

USE_RC_SUBR (Service Scripts)

privleapd

Dependency lines:

${PYTHON_PKGNAMEPREFIX}privleap>0:security/py-privleap@${PY_FLAVOR}

To install the port:

cd /usr/ports/security/py-privleap/ && make install clean

To add the package, run one of these commands:

pkg install security/py-privleap
pkg install py313-privleap

NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.
NOTE: This is a Python port. Instead of py313-privleap listed in the above command, you can pick from the names under the Packages section.

PKGNAME: py313-privleap

Flavors: there is no flavor information for this port.

distinfo:

TIMESTAMP = 1779647261 SHA256 (Kicksecure-privleap-5.7-1_GH0.tar.gz) = 6ee88c2fbe1e868691ff5634994cf22d613e91abe8eba5b82083d875ac54afb5 SIZE (Kicksecure-privleap-5.7-1_GH0.tar.gz) = 120717

Packages (timestamps in pop-ups are UTC):

py313-privleap
ABI	aarch64	amd64	armv6	armv7	i386	powerpc	powerpc64	powerpc64le
FreeBSD:13:latest	-	-	-	-	-	n/a	n/a	n/a
FreeBSD:13:quarterly	-	-	-	-	-	n/a	n/a	n/a
FreeBSD:14:latest	-	5.7.1_1	-	-	5.7.1_1	-	-	-
FreeBSD:14:quarterly	-	-	-	-	-	-	-	-
FreeBSD:15:latest	-	5.7.1_1	n/a	-	n/a	n/a	-	-
FreeBSD:15:quarterly	-	-	n/a	-	n/a	n/a	-	-
FreeBSD:16:latest	-	5.7.1_1	n/a	-	n/a	n/a	-	-

Dependencies

NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.

Build dependencies:

python3.13 : lang/python313

Test dependencies:

python3.13 : lang/python313

Runtime dependencies:

py313-PAM>=0 : security/py-PAM@py313
python3.13 : lang/python313

There are no ports dependent upon this port

Configuration Options:

No options to configure

Options name:

security_py-privleap

USES:

python:3.13+ shebangfix

pkg-message:

For install:: pam_exec(8) could be used to call leapctl(8) to create the communication socket required by leaprun(8) by simply adding the following to a PAM policy file: session optional pam_exec.so /usr/local/libexec/privleap/pam_create_socket.sh

Master Sites:

Expand this list (1 items)

Collapse this list.

https://codeload.github.com/Kicksecure/privleap/tar.gz/5.7-1?dummy=/

Collapse this list.

Number of commits found: 2

Commit History - (may be incomplete: for full details, see links to repositories near top of page)

Commit

Credits

Log message

5.7.1_1
25 May 2026 22:58:27

Jesús Daniel Colmenares Oviedo (dtxdf)

security/py-privleap: Implement reload command in rc(8) script

5.7.1
25 May 2026 17:47:38

Jesús Daniel Colmenares Oviedo (dtxdf)

security/py-privleap: New port: Limited Privilege Escalation Framework

privleap is a privilege escalation framework similar in purpose to
sudo and doas, but very different conceptually. It is designed to
allow user-level applications to run very specific operations as
root without allowing full root control of the machine. Unlike
directly executable privilege escalation frameworks like sudo,
privleap runs as a background service that listens for signals from
other applications. Each signal can request a particular, pre-configured
action to be taken. Signals are authenticated, and each action is
taken only if the signal passes authentication. Any console output
from the action is then returned to the caller. This system allows
privleap to function without being SUID-root, and avoids a lot of
the potential pitfalls of sudo, doas, run0, etc.

WWW: https://www.kicksecure.com/wiki/Privleap

Number of commits found: 2

Login
User Login Create account

Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD

This site
What is FreshPorts? About the authors Issues FAQ How big is it? Security Policy Privacy Blog Contact

Search
Enter Keywords: more...

Latest Vulnerabilities

mariadb1011-client	May 29
mariadb1011-server	May 29
mariadb106-client	May 29
mariadb106-server	May 29
mariadb114-client	May 29
mariadb114-server	May 29
mariadb118-client	May 29
mariadb118-server	May 29
erlang	May 28
erlang	May 28
erlang-runtime27	May 28
erlang-runtime27	May 28
erlang-runtime27	May 28
erlang-runtime28	May 28
erlang-runtime28	May 28

28 vulnerabilities affecting 230 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities

Last processed:
2026-05-29 13:01:17 UTC

Ports
Home Categories Deleted ports Sanity Test Failures Newsfeeds

Statistics

Graphs
NEW Graphs (Javascript)

Calculated hourly:

Port count	34538
Broken	103
Deprecated	208
Ignore	217
Forbidden	0
Restricted	1
No CDROM	1
Vulnerable	43
Expired	10
Set to expire	140
Interactive	0
new 24 hours	4
new 48 hours	15
new 7 days	43
new fortnight	79
new month	163