The init script for smstools uses a series of mkdir, chown, and chmod to create a directory it needs at runtime: if ! [ -d /var/run/smsd ]; then ebegin "Creating /var/run/smsd for ${SVCNAME}" mkdir /var/run/smsd \ && chown smsd:sms /var/run/smsd \ && chmod 770 /var/run/smsd eend $? fi chown smsd:sms /var/log/smsd.log ... It would be better to use "checkpath" (man openrc-run) which comes with OpenRC. It's more portable, since users are guaranteed to have OpenRC, and more secure: chown and chmod will follow symlinks and change ownership/permissions on the target. Checkpath won't, so if root:root ever loses full control of those paths, having the init script use checkpath will prevent a root privilege escalation by the smsd user or sms group, who might be able to change /var/run/smsd to a symlink.
Resolved in tree with 3.1.21-r1; thank you for your report.
Thanks! I haven't done the CVE or Gentoo bug for this yet, but just to give you a heads up -- there's another problem with the init script that's going to be kinda hard to fix without upstream cooperation: http://smstools3.kekekasvi.com/topic.php?id=1459 It looks like the maintainer is leaning towards having the init script do all the work to ensure that it doesn't kill the wrong process.
Michael, if you can write a fixed init script and test that it stops & starts okay, please feel free to revbump this package in the tree.
