603336 – mail-filter/rmilter: init script should use checkpath instead of mkdir/chown/chmod

Bug 603336 - mail-filter/rmilter: init script should use checkpath instead of mkdir/chown/chmod

Summary: mail-filter/rmilter: init script should use checkpath instead of mkdir/chown/...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Dirkjan Ochtman (RETIRED)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2016-12-21 13:47 UTC by Michael Orlitzky
Modified:	2017-01-03 19:01 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Orlitzky gentoo-dev

2016-12-21 13:47:19 UTC

(This is the same as bug #603248)

The init script for rmilter creates its socket directory with,

  mkdir -m0750 -p $RUNDIR
  chown rmilter:rmilter $RUNDIR
  chmod g+s $RUNDIR

It would be better to use a single call to "checkpath" from OpenRC. It's more portable, being part of OpenRC, and more secure: with chown and chmod, you run the risk of following symlinks if the "rmilter" user is ever able to overwrite that path. Doing so would essentially give rmilter root, since he could take ownership of any path on the system.

Comment 1 Dirkjan Ochtman (RETIRED) gentoo-dev

2017-01-03 19:01:16 UTC

Fixed in the tree.