The init script for consul gives ownership of the PID file directory to the same user that the daemon runs as:

  start_pre() {
      checkpath -d -m 0755 -o "${user}":"${group}" "${pidfile%/*}"
  }

As a result, the consul user can write whatever he wants into the PID file. Later, that may be exploitable: when the service is stopped, root will call "kill" on the contents of that file.

But there's good news: there's absolutely no reason for the call to "checkpath" above. OpenRC creates the PID file as root:root, and the whole start_pre() function can be deleted if you store the PID file directly in /run.

Some other minor improvements to consider while you're touching the init script:

  1. Update $SVCNAME to $RC_SVCNAME.
  2. Utilize command_user for the user/group instead of start_stop_daemon_args.
  3. Can the OpenRC "stopsig" variable be used to eliminate stop()?
  4. "after net" is redundant in light of "need net".
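A check for the condition reported above, as an added example that is not part of the bug report or the consul ebuild: it verifies that a PID file and its directory can only be modified by a trusted UID before a root-run stop action relies on the file's contents. The function name pidfile_trusted and the file name /run/consul.pid are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the bug report or the consul ebuild.
# pidfile_trusted PIDFILE [TRUSTED_UID]
# Returns 0 only if the PID file and its directory are owned by TRUSTED_UID
# (default 0, root) and are not writable by group or others, i.e. nobody
# else can choose the PID that a root-run "kill" will target.
pidfile_trusted() {
    pf=$1
    trusted=${2:-0}
    dir=${pf%/*}                      # same expansion as "${pidfile%/*}"
    [ "$dir" != "$pf" ] || dir=.      # bare file name: current directory
    [ -n "$dir" ] || dir=/            # "/consul.pid": root directory
    for p in "$dir" "$pf"; do
        # A missing PID file is fine (service stopped); the directory must exist.
        if [ ! -e "$p" ]; then
            [ "$p" = "$pf" ] && continue
            echo "UNSAFE: $p does not exist" >&2
            return 1
        fi
        # ls -ldnL: field 1 is the mode string, field 3 the numeric owner;
        # -L follows symlinks such as /var/run -> /run.
        meta=$(ls -ldnL -- "$p") || return 1
        mode=$(printf '%s\n' "$meta" | awk '{print $1}')
        owner=$(printf '%s\n' "$meta" | awk '{print $3}')
        if [ "$owner" != "$trusted" ]; then
            echo "UNSAFE: $p is owned by uid $owner, expected $trusted" >&2
            return 1
        fi
        # Characters 6 and 9 of the mode string are group and other write.
        case $mode in
            ?????w*|????????w*)
                echo "UNSAFE: $p is group- or world-writable ($mode)" >&2
                return 1 ;;
        esac
    done
    return 0
}

# Command-line use: sh audit.sh /run/consul.pid   (hypothetical file name)
[ $# -eq 0 ] || pidfile_trusted "$@"
```

The check is conservative: it also rejects a directory that is group-writable by a root-only group, and it inspects only the immediate parent directory, not every ancestor.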
@Maintainers: Please let us know when the tree is clean from vulnerable versions.

Gentoo Security Padawan
ChrisADR
Fixed init script in revbump to 0.8.4-r1:

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0328499a524ab06a762ddfc3547df030586c7642

Removed vulnerable versions:

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1b7284d66c74f53588365eb310a9e80796e857f
(In reply to Zac Medico from comment #2)
> Fixed init script in revbump to 0.8.4-r1:
>
> https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0328499a524ab06a762ddfc3547df030586c7642
>
> Removed vulnerable versions:
>
> https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1b7284d66c74f53588365eb310a9e80796e857f

Thanks, Zac!