commit: 6a5bac28672abbc54f164d853d929a3e4d8b654d Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org> AuthorDate: Thu Nov 2 17:27:17 2017 +0000 Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org> CommitDate: Sat Nov 4 23:37:21 2017 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6a5bac28
net-analyzer/pnp4nagios: new revision to fix insecure config permissions. Previous revisions of pnp4nagios install /etc/pnp owned by the "nagios user," and the npcd daemon also runs as that user. That configuration is insecure: the unprivileged user can edit /etc/pnp/npcd.cfg, and escalate his own privileges by setting "user = root". To avoid the problem, we set INSTALL_OPTS="" while running "emake install". That leaves all of /etc/pnp with the default (root:root) ownership. Bug: https://github.com/lingej/pnp4nagios/issues/140 Package-Manager: Portage-2.3.8, Repoman-2.3.3 .../{pnp4nagios-0.6.26-r2.ebuild => pnp4nagios-0.6.26-r3.ebuild} | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net-analyzer/pnp4nagios/pnp4nagios-0.6.26-r2.ebuild b/net-analyzer/pnp4nagios/pnp4nagios-0.6.26-r3.ebuild similarity index 93% rename from net-analyzer/pnp4nagios/pnp4nagios-0.6.26-r2.ebuild rename to net-analyzer/pnp4nagios/pnp4nagios-0.6.26-r3.ebuild index 818bc3104ff..ce886f53738 100644 --- a/net-analyzer/pnp4nagios/pnp4nagios-0.6.26-r2.ebuild +++ b/net-analyzer/pnp4nagios/pnp4nagios-0.6.26-r3.ebuild @@ -68,7 +68,9 @@ src_compile() { } src_install() { - emake DESTDIR="${D}" install install-config + # Don't use INSTALL_OPTS because they set insecure permissions on + # all of /etc/pnp (https://github.com/lingej/pnp4nagios/issues/140). + emake INSTALL_OPTS="" DESTDIR="${D}" install install-config einstalldocs newinitd "${FILESDIR}"/npcd.initd npcd rm "${ED%/}/usr/share/pnp/install.php" || \
