commit:     f36646ec19b50b45cbf6def47e8e34ac2237b3c8
Author:     Zac Medico <zmedico <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 13 17:50:33 2016 +0000
Commit:     Zac Medico <zmedico <AT> gentoo <DOT> org>
CommitDate: Tue Dec 13 17:55:11 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f36646ec

net-misc/peervpn: 0.044-r2 revbump for bug 602550

Remove the chown call from the openrc init script start_post function,
in order to prevent privilege escalation attacks. It is unsafe to call
chown on a file in a directory that is not owned by root, since the
target file could be a hardlink to a root-owned file.

X-Gentoo-bug: 602550
X-Gentoo-bug-url: https://bugs.gentoo.org/show_bug.cgi?id=602550

Package-Manager: portage-2.3.3

 net-misc/peervpn/files/peervpn.initd                                 | 5 -----
 net-misc/peervpn/files/peervpn.logrotated                            | 1 -
 .../peervpn/{peervpn-0.044-r1.ebuild => peervpn-0.044-r2.ebuild}     | 1 -
 3 files changed, 7 deletions(-)

diff --git a/net-misc/peervpn/files/peervpn.initd 
b/net-misc/peervpn/files/peervpn.initd
index b607ec3..d90043f 100644
--- a/net-misc/peervpn/files/peervpn.initd
+++ b/net-misc/peervpn/files/peervpn.initd
@@ -25,8 +25,3 @@ depend() {
 start_pre() {
        checkpath -d -m 0755 -o "${user}":"${group}" "${pidfile%/*}"
 }
-
-start_post() {
-       # Use -h to prevent privilege escalation attacks. Fixes bug #602550.
-       chown -h "${user}":"${group}" "${logfile}"
-}

diff --git a/net-misc/peervpn/files/peervpn.logrotated 
b/net-misc/peervpn/files/peervpn.logrotated
index 5de0a24..e99669c 100644
--- a/net-misc/peervpn/files/peervpn.logrotated
+++ b/net-misc/peervpn/files/peervpn.logrotated
@@ -1,5 +1,4 @@
 /var/log/peervpn/peervpn.log {
-       su peervpn peervpn
        missingok
        size 5M
        rotate 3

diff --git a/net-misc/peervpn/peervpn-0.044-r1.ebuild 
b/net-misc/peervpn/peervpn-0.044-r2.ebuild
similarity index 96%
rename from net-misc/peervpn/peervpn-0.044-r1.ebuild
rename to net-misc/peervpn/peervpn-0.044-r2.ebuild
index 52e1451..be45231 100644
--- a/net-misc/peervpn/peervpn-0.044-r1.ebuild
+++ b/net-misc/peervpn/peervpn-0.044-r2.ebuild
@@ -46,7 +46,6 @@ src_install() {
        systemd_dounit "${FILESDIR}/${PN}.service"
 
        keepdir /var/log/${PN}
-       fowners ${PN}:${PN} /var/log/${PN}
        insinto /etc/logrotate.d
        newins "${FILESDIR}/${PN}.logrotated" "${PN}"
 }
