commit: 3eaffbeb6908660dc67de8a0fb8526de7dab9154 Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> AuthorDate: Mon Aug 28 23:04:03 2017 +0000 Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> CommitDate: Mon Aug 28 23:04:41 2017 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3eaffbeb
app-misc/uptimed: Revbump to fix PID file sec issue (bug #629238). Thanks to Michael Orlitzky for finding the issue and providing a fixed init script. Bumped straight to stable. Package-Manager: Portage-2.3.8, Repoman-2.3.3 app-misc/uptimed/files/uptimed.init | 13 ------------- app-misc/uptimed/files/uptimed.init-r1 | 18 ++++++++++++++++++ .../{uptimed-0.4.0.ebuild => uptimed-0.4.0-r1.ebuild} | 2 +- 3 files changed, 19 insertions(+), 14 deletions(-)
diff --git a/app-misc/uptimed/files/uptimed.init b/app-misc/uptimed/files/uptimed.init
deleted file mode 100644
index 0f024d0b41f..00000000000
--- a/app-misc/uptimed/files/uptimed.init
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-description="uptimed - a daemon to record uptime records"
-pidfile="/var/run/uptimed/uptimed.pid"
-command="/usr/sbin/uptimed"
-command_args="-p ${pidfile}"
-start_stop_daemon_args="-u uptimed"
-
-start_pre() {
- checkpath -q -d -o uptimed ${pidfile%/*}
-}
diff --git a/app-misc/uptimed/files/uptimed.init-r1 b/app-misc/uptimed/files/uptimed.init-r1
new file mode 100644
index 00000000000..96564d8ee54
--- /dev/null
+++ b/app-misc/uptimed/files/uptimed.init-r1
@@ -0,0 +1,18 @@
+#!/sbin/openrc-run
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+description="uptimed - a daemon to record uptime records"
+pidfile="/run/uptimed.pid"
+command="/usr/sbin/uptimed"
+command_user="uptimed"
+
+# The uptimed daemon can create its own PID file, but it doesn't know
+# how to drop privileges. On the other hand, if we run it as a
+# restricted user under start-stop-daemon, the PID file it creates
+# will therefore be owned by a non-root user, and that poses a
+# security risk. To avoid the issue entirely, we run the daemon in the
+# foreground, and then use command_background=true to let OpenRC
+# handle the PID file.
+command_args="-f"
+command_background="true"
diff --git a/app-misc/uptimed/uptimed-0.4.0.ebuild b/app-misc/uptimed/uptimed-0.4.0-r1.ebuild
similarity index 96%
rename from app-misc/uptimed/uptimed-0.4.0.ebuild
rename to app-misc/uptimed/uptimed-0.4.0-r1.ebuild
index f0ab25d8ac0..2fbdfafd16b 100644
--- a/app-misc/uptimed/uptimed-0.4.0.ebuild
+++ b/app-misc/uptimed/uptimed-0.4.0-r1.ebuild
@@ -38,7 +38,7 @@ src_install() {
 prune_libtool_files --all
 keepdir /var/spool/uptimed
 fowners uptimed:uptimed /var/spool/uptimed
- newinitd "${FILESDIR}"/${PN}.init uptimed
+ newinitd "${FILESDIR}"/${PN}.init-r1 uptimed
 systemd_dounit "${FILESDIR}/${PN}.service"
}
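Review bot: In `uptimed.init-r1`, `pidfile` moves to `/run/uptimed.pid`, but nothing handles a daemon that was started by the removed `uptimed.init`, whose PID file is `/var/run/uptimed/uptimed.pid` in a directory owned by `uptimed`. On a system upgraded without a reboot, a stop or restart through the new script will presumably consult only the new path, so the old process keeps running and the user-owned PID file and directory stay in place. Since the package goes straight to stable, consider a `pkg_postinst` `elog` in the ebuild telling admins to stop the service before upgrading, or to stop the old process by hand and remove `/var/run/uptimed`. The comment above `command_args` would also benefit from one line naming the risk, e.g. `# (on stop, root would signal whatever PID the unprivileged user wrote to the file)`, so the foreground setup is not reverted later.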