From: "Michael Orlitzky" <mjo@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: app-admin/tenshi/
Date: Thu, 31 Aug 2017 00:54:21 +0000 (UTC) [thread overview]
Message-ID: <1504140769.7d56e1b385a02eab7852a3f0677f9f0f63c93df2.mjo@gentoo> (raw)
commit: 7d56e1b385a02eab7852a3f0677f9f0f63c93df2
Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 31 00:52:49 2017 +0000
Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Thu Aug 31 00:52:49 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7d56e1b3
app-admin/tenshi: new revision with tenshi.conf owned by root:root.
The tenshi.conf file was owned by the "tenshi" user in previous
revisions. This was open to exploitation because that conf file
contains two important settings:
1. The UID that the daemon will run as.
2. The "tail" command to be run on the logfiles.
If the "tenshi" user can write to it, he can specify an arbitrary
command to be run as an arbitrary UID the next time the daemon is
started.
Thanks to Brian De Wolf for noticing the problem.
Package-Manager: Portage-2.3.6, Repoman-2.3.1
app-admin/tenshi/{tenshi-0.16.ebuild => tenshi-0.16-r1.ebuild} | 1 -
1 file changed, 1 deletion(-)
diff --git a/app-admin/tenshi/tenshi-0.16.ebuild b/app-admin/tenshi/tenshi-0.16-r1.ebuild
similarity index 96%
rename from app-admin/tenshi/tenshi-0.16.ebuild
rename to app-admin/tenshi/tenshi-0.16-r1.ebuild
index 5ea26981d82..45059dc892f 100644
--- a/app-admin/tenshi/tenshi-0.16.ebuild
+++ b/app-admin/tenshi/tenshi-0.16-r1.ebuild
@@ -32,7 +32,6 @@ src_prepare() {
src_install() {
emake DESTDIR="${D}" install
- fowners tenshi:root /etc/tenshi/tenshi.conf
doman tenshi.8
newinitd tenshi.openrc-init tenshi
next reply other threads:[~2017-08-31 0:54 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-31 0:54 Michael Orlitzky [this message]
-- strict thread matches above, loose matches on Subject: below --
2024-11-28 11:31 [gentoo-commits] repo/gentoo:master commit in: app-admin/tenshi/ Petr Vaněk
2024-11-23 18:27 Michał Górny
2024-11-23 14:32 Michał Górny
2024-11-23 12:24 Arthur Zamarin
2024-08-25 23:54 Conrad Kostecki
2022-04-06 23:37 Conrad Kostecki
2021-05-14 0:36 Sam James
2021-05-14 0:36 Sam James
2021-05-14 0:36 Sam James
2021-05-14 0:36 Sam James
2021-04-11 19:48 Conrad Kostecki
2021-04-11 19:24 Conrad Kostecki
2018-08-18 9:00 Jonas Stein
2018-08-18 8:56 Jonas Stein
2018-08-17 21:47 Jonas Stein
2018-04-17 19:16 Johannes Huber
2018-04-17 19:16 Johannes Huber
2018-04-17 19:16 Johannes Huber
2018-03-03 21:07 Sergei Trofimovich
2018-01-26 18:21 Thomas Deutschmann
2018-01-23 16:41 Agostino Sarubbo
2017-10-19 13:56 Michael Orlitzky
2017-10-19 12:00 Thomas Deutschmann
2017-08-29 17:42 Michael Orlitzky
2016-04-04 9:00 Ian Delaney
2015-10-29 16:11 Ian Delaney
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1504140769.7d56e1b385a02eab7852a3f0677f9f0f63c93df2.mjo@gentoo \
--to=mjo@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox