commit: f36646ec19b50b45cbf6def47e8e34ac2237b3c8
Author: Zac Medico gentoo org>
AuthorDate: Tue Dec 13 17:50:33 2016 +
Commit: Zac Medico gentoo org>
CommitDate: Tue Dec 13 17:55:11 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f36646ec
net-misc/peervpn: 0.044-r2 revbump for bug 602550
Remove the chown call from the openrc init script start_post function,
in order to prevent privilege escalation attacks. It is unsafe to call
chown on a file in a directory that is not owned by root, since the
target file could be a hardlink to a root-owned file.
X-Gentoo-bug: 602550
X-Gentoo-bug-url: https://bugs.gentoo.org/show_bug.cgi?id=602550
Package-Manager: portage-2.3.3
net-misc/peervpn/files/peervpn.initd | 5 -
net-misc/peervpn/files/peervpn.logrotated| 1 -
.../peervpn/{peervpn-0.044-r1.ebuild => peervpn-0.044-r2.ebuild} | 1 -
3 files changed, 7 deletions(-)
diff --git a/net-misc/peervpn/files/peervpn.initd
b/net-misc/peervpn/files/peervpn.initd
index b607ec3..d90043f 100644
--- a/net-misc/peervpn/files/peervpn.initd
+++ b/net-misc/peervpn/files/peervpn.initd
@@ -25,8 +25,3 @@ depend() {
start_pre() {
checkpath -d -m 0755 -o "${user}":"${group}" "${pidfile%/*}"
}
-
-start_post() {
- # Use -h to prevent privilege escalation attacks. Fixes bug #602550.
- chown -h "${user}":"${group}" "${logfile}"
-}
diff --git a/net-misc/peervpn/files/peervpn.logrotated
b/net-misc/peervpn/files/peervpn.logrotated
index 5de0a24..e99669c 100644
--- a/net-misc/peervpn/files/peervpn.logrotated
+++ b/net-misc/peervpn/files/peervpn.logrotated
@@ -1,5 +1,4 @@
/var/log/peervpn/peervpn.log {
- su peervpn peervpn
missingok
size 5M
rotate 3
diff --git a/net-misc/peervpn/peervpn-0.044-r1.ebuild
b/net-misc/peervpn/peervpn-0.044-r2.ebuild
similarity index 96%
rename from net-misc/peervpn/peervpn-0.044-r1.ebuild
rename to net-misc/peervpn/peervpn-0.044-r2.ebuild
index 52e1451..be45231 100644
--- a/net-misc/peervpn/peervpn-0.044-r1.ebuild
+++ b/net-misc/peervpn/peervpn-0.044-r2.ebuild
@@ -46,7 +46,6 @@ src_install() {
systemd_dounit "${FILESDIR}/${PN}.service"
keepdir /var/log/${PN}
- fowners ${PN}:${PN} /var/log/${PN}
insinto /etc/logrotate.d
newins "${FILESDIR}/${PN}.logrotated" "${PN}"
}