summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZac Medico <zmedico@gentoo.org>2020-05-03 21:00:28 -0700
committerZac Medico <zmedico@gentoo.org>2020-05-03 21:02:01 -0700
commit41725d13927f9012e1758ef662f3e5ba351423ac (patch)
tree59f5491cedfc97ec9ad43e312f195425d90adc32
parentdev-python/aiohttp-cors: Revision for python 3.7 support (diff)
downloadgentoo-41725d13927f9012e1758ef662f3e5ba351423ac.tar.gz
gentoo-41725d13927f9012e1758ef662f3e5ba351423ac.tar.bz2
gentoo-41725d13927f9012e1758ef662f3e5ba351423ac.zip
net-vpn/peervpn: 0.044-r5 revbump for bug 630972
Tighten up permission adjustments related to bug 629418. Bug: https://bugs.gentoo.org/630972 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Zac Medico <zmedico@gentoo.org>
-rw-r--r--net-vpn/peervpn/peervpn-0.044-r5.ebuild (renamed from net-vpn/peervpn/peervpn-0.044-r4.ebuild)19
1 files changed, 13 insertions, 6 deletions
diff --git a/net-vpn/peervpn/peervpn-0.044-r4.ebuild b/net-vpn/peervpn/peervpn-0.044-r5.ebuild
index 0415a2741e1..a768d8ee2ef 100644
--- a/net-vpn/peervpn/peervpn-0.044-r4.ebuild
+++ b/net-vpn/peervpn/peervpn-0.044-r5.ebuild
@@ -1,7 +1,7 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI=6
+EAPI=7
inherit systemd toolchain-funcs user
@@ -57,12 +57,19 @@ src_install() {
pkg_preinst() {
if ! has_version '>=net-vpn/peervpn-0.044-r4' && \
- [[ -d ${EROOT}etc/${PN} &&
- $(find "${EROOT}etc/${PN}" -user "${PN}" ! -type l -print) ]]; then
- ewarn "Tightening '${EROOT}etc/${PN}' permissions for bug 629418"
+ [[ -d ${EROOT}/etc/${PN} && ! -L ${EROOT}/etc/${PN} &&
+ $(find "${EROOT}/etc/${PN}" -maxdepth 1 -user "${PN}" ! -type l -print) ]]; then
+ ewarn "Tightening '${EROOT}/etc/${PN}' permissions for bug 629418"
+ # Tighten the parent directory permissions first, in
+ # order to protect against race conditions involving a
+ # less-privileged user.
+ chown root:${PN} "${EROOT}/etc/${PN}"
+ chmod g+rX-w,o-rwx "${EROOT}/etc/${PN}"
+ # Don't chown/chmod the referent of a symlink
+ # owned by a less-privileged user.
while read -r -d ''; do
chown root:${PN} "${REPLY}" || die
chmod g+rX-w,o-rwx "${REPLY}" || die
- done < <(find "${EROOT}etc/${PN}" -user "${PN}" ! -type l -print0)
+ done < <(find "${EROOT}/etc/${PN}" -mindepth 1 -maxdepth 1 -user "${PN}" ! -type l -print0)
fi
}