1 |
commit: 7d56e1b385a02eab7852a3f0677f9f0f63c93df2 |
2 |
Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Aug 31 00:52:49 2017 +0000 |
4 |
Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Aug 31 00:52:49 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7d56e1b3 |
7 |
|
8 |
app-admin/tenshi: new revision with tenshi.conf owned by root:root. |
9 |
|
10 |
The tenshi.conf file was owned by the "tenshi" user in previous |
11 |
revisions. This was open to exploitation because that conf file |
12 |
contains two important settings: |
13 |
|
14 |
1. The UID that the daemon will run as. |
15 |
2. The "tail" command to be run on the logfiles. |
16 |
|
17 |
If the "tenshi" user can write to it, he can specify an arbitrary |
18 |
command to be run as an arbitrary UID the next time the daemon is |
19 |
started. |
20 |
|
21 |
Thanks to Brian De Wolf for noticing the problem. |
22 |
|
23 |
Package-Manager: Portage-2.3.6, Repoman-2.3.1 |
24 |
|
25 |
app-admin/tenshi/{tenshi-0.16.ebuild => tenshi-0.16-r1.ebuild} | 1 - |
26 |
1 file changed, 1 deletion(-) |
27 |
|
28 |
diff --git a/app-admin/tenshi/tenshi-0.16.ebuild b/app-admin/tenshi/tenshi-0.16-r1.ebuild |
29 |
similarity index 96% |
30 |
rename from app-admin/tenshi/tenshi-0.16.ebuild |
31 |
rename to app-admin/tenshi/tenshi-0.16-r1.ebuild |
32 |
index 5ea26981d82..45059dc892f 100644 |
33 |
--- a/app-admin/tenshi/tenshi-0.16.ebuild |
34 |
+++ b/app-admin/tenshi/tenshi-0.16-r1.ebuild |
35 |
@@ -32,7 +32,6 @@ src_prepare() { |
36 |
|
37 |
src_install() { |
38 |
emake DESTDIR="${D}" install |
39 |
- fowners tenshi:root /etc/tenshi/tenshi.conf |
40 |
doman tenshi.8 |
41 |
newinitd tenshi.openrc-init tenshi |