commit: 7d56e1b385a02eab7852a3f0677f9f0f63c93df2
Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 31 00:52:49 2017 +0000
Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Thu Aug 31 00:52:49 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7d56e1b3
app-admin/tenshi: new revision with tenshi.conf owned by root:root. The tenshi.conf file was owned by the "tenshi" user in previous revisions. This was open to exploitation because that conf file contains two important settings: 1. The UID that the daemon will run as. 2. The "tail" command to be run on the logfiles. If the "tenshi" user can write to it, he can specify an arbitrary command to be run as an arbitrary UID the next time the daemon is started. Thanks to Brian De Wolf for noticing the problem. Package-Manager: Portage-2.3.6, Repoman-2.3.1 app-admin/tenshi/{tenshi-0.16.ebuild => tenshi-0.16-r1.ebuild} | 1 - 1 file changed, 1 deletion(-) diff --git a/app-admin/tenshi/tenshi-0.16.ebuild b/app-admin/tenshi/tenshi-0.16-r1.ebuild similarity index 96% rename from app-admin/tenshi/tenshi-0.16.ebuild rename to app-admin/tenshi/tenshi-0.16-r1.ebuild index 5ea26981d82..45059dc892f 100644 --- a/app-admin/tenshi/tenshi-0.16.ebuild +++ b/app-admin/tenshi/tenshi-0.16-r1.ebuild @@ -32,7 +32,6 @@ src_prepare() { src_install() { emake DESTDIR="${D}" install - fowners tenshi:root /etc/tenshi/tenshi.conf doman tenshi.8 newinitd tenshi.openrc-init tenshi
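Review bot: After the removed fowners line in src_install, nothing visible handles systems where an earlier revision already installed /etc/tenshi/tenshi.conf as tenshi:root, so it is worth confirming that the upgrade to -r1 actually resets the owner of an existing, possibly locally modified, config file. If it does not, a pkg_postinst check or an elog message asking the admin to verify the ownership would close the gap. The hunk also does not show who owns /etc/tenshi itself; if that directory is writable by the tenshi user, the file can be replaced regardless of its own owner, so the directory should be root-owned as well. No fperms call is visible either, so the file mode stays whatever "emake install" sets; confirm it is not group- or world-writable.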