authorZac Medico <zmedico@gentoo.org>2016-12-13 09:50:33 -0800
committerZac Medico <zmedico@gentoo.org>2016-12-13 09:55:11 -0800
commitf36646ec19b50b45cbf6def47e8e34ac2237b3c8 (patch)
tree6ac5522e5f996d2f4b4e32241721ecc930c4464e
parentnet-misc/strongswan: Bumping to 5.5.1, fixing bug #602456 (diff)
net-misc/peervpn: 0.044-r2 revbump for bug 602550
Remove the chown call from the openrc init script start_post function, in order to prevent privilege escalation attacks. It is unsafe to call chown in a directory that is not owned by root, since the target file could be a hardlink to a root-owned file. X-Gentoo-bug: 602550 X-Gentoo-bug-url: https://bugs.gentoo.org/show_bug.cgi?id=602550 Package-Manager: portage-2.3.3
-rw-r--r--net-misc/peervpn/files/peervpn.initd5
-rw-r--r--net-misc/peervpn/files/peervpn.logrotated1
-rw-r--r--net-misc/peervpn/peervpn-0.044-r2.ebuild (renamed from net-misc/peervpn/peervpn-0.044-r1.ebuild)1
3 files changed, 0 insertions, 7 deletions
diff --git a/net-misc/peervpn/files/peervpn.initd b/net-misc/peervpn/files/peervpn.initd
index b607ec3de3f..d90043f0de9 100644
--- a/net-misc/peervpn/files/peervpn.initd
+++ b/net-misc/peervpn/files/peervpn.initd
@@ -25,8 +25,3 @@ depend() {
start_pre() {
checkpath -d -m 0755 -o "${user}":"${group}" "${pidfile%/*}"
}
-
-start_post() {
- # Use -h to prevent privilege escalation attacks. Fixes bug #602550.
- chown -h "${user}":"${group}" "${logfile}"
-}
diff --git a/net-misc/peervpn/files/peervpn.logrotated b/net-misc/peervpn/files/peervpn.logrotated
index 5de0a248784..e99669c9135 100644
--- a/net-misc/peervpn/files/peervpn.logrotated
+++ b/net-misc/peervpn/files/peervpn.logrotated
@@ -1,5 +1,4 @@
/var/log/peervpn/peervpn.log {
- su peervpn peervpn
missingok
size 5M
rotate 3
diff --git a/net-misc/peervpn/peervpn-0.044-r1.ebuild b/net-misc/peervpn/peervpn-0.044-r2.ebuild
index 52e1451c5f7..be4523194e9 100644
--- a/net-misc/peervpn/peervpn-0.044-r1.ebuild
+++ b/net-misc/peervpn/peervpn-0.044-r2.ebuild
@@ -46,7 +46,6 @@ src_install() {
systemd_dounit "${FILESDIR}/${PN}.service"
keepdir /var/log/${PN}
- fowners ${PN}:${PN} /var/log/${PN}
insinto /etc/logrotate.d
newins "${FILESDIR}/${PN}.logrotated" "${PN}"
}