603462 – net-p2p/transmission: init script should use checkpath instead of mkdir/chown

Bug 603462 - net-p2p/transmission: init script should use checkpath instead of mkdir/chown

Summary: net-p2p/transmission: init script should use checkpath instead of mkdir/chown

Status:	RESOLVED OBSOLETE

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Mike Gilbert

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2016-12-22 13:44 UTC by Michael Orlitzky
Modified:	2016-12-22 16:06 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Orlitzky gentoo-dev

2016-12-22 13:44:33 UTC

The init script for transmission creates its own runtime directory:

  if [ ! -d "${rundir}" ]; then
      mkdir "${rundir}"
      if [ -n "${runas_user}" ]; then
          chown -R ${runas_user} "${rundir}"
      fi
  fi

A single call to "checkpath" from OpenRC (man openrc-run) would be more appropriate here. It's simpler, more portable (being part of OpenRC), and more secure: chown will follow symlinks and hardlinks, but checkpath will not.

(I don't see any way to exploit the stanza above, but since checkpath is preferable anyway, the total absence of "chown" from the init script would be reassuring.)

Comment 1 Mike Gilbert gentoo-dev

2016-12-22 15:11:28 UTC

You are looking at an obsolete version of the init script.

Comment 2 Michael Orlitzky gentoo-dev

2016-12-22 16:06:20 UTC

(In reply to Mike Gilbert from comment #1)
> an obsolete version

Not... alphabetically =)

Sorry for the noise.