Bug 630990 - mail-filter/rmilter: privilege escalation via PID file manipulation
Summary: mail-filter/rmilter: privilege escalation via PID file manipulation
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL:
Whiteboard: ~3 [noglsa]
Keywords: PMASKED
Depends on:
Blocks:
 
Reported: 2017-09-14 16:44 UTC by Michael Orlitzky
Modified: 2020-09-04 01:41 UTC

See Also:
Package list:
Runtime testing required: ---


Attachments
rmilter.initd-r3 (rmilter, 674 bytes, text/plain)
2017-09-14 16:44 UTC, Michael Orlitzky

Description Michael Orlitzky gentoo-dev 2017-09-14 16:44:41 UTC
Created attachment 494534: rmilter.initd-r3

The init script for rmilter currently gives ownership of its PID file directory to the daemon's runtime user:

  PIDFILE=$RUNDIR/rmilter.pid
  ...
  start() {
      ebegin "Starting ${SVCNAME}"
      checkpath -d $RUNDIR -m2750 -o rmilter:rmilter

This can be exploited by the rmilter user to kill root processes, since when the service is stopped, root will send a SIGTERM to the contents of the PID file.

I've rewritten the init script to avoid that problem by running the daemon in the foreground and by letting OpenRC background it and manage its PID file. I've tried to make this compatible with the new script in bug 600578 as well, which uses a config file whose name is based on RC_SVCNAME.

Note that rmilter will still create a *second* PID file on its own that will be ignored. This is ugly but probably harmless. You can eliminate the second, useless, PID file by commenting out

  pidfile = /var/run/rmilter/rmilter.pid;

in the config file. A "sed" in src_prepare() should do the job.
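The attached script fixes the bug by letting OpenRC own the PID file. As an added example (not the bug's attachment and not rmilter's own code), the POSIX sh function below is the complementary validation a root-run stop routine can apply before signalling a PID read from a file: it rejects the file unless its directory and the file itself belong to a trusted uid and the target process actually runs as the service user. It assumes Linux (/proc) and a stat that accepts -c; the function and parameter names are this example's own.

```shell
#!/bin/sh
# Added example, not the bug's attached init script. Before a root-run stop()
# signals the PID stored in a service PID file, refuse unless the file could
# only have been written by a trusted uid and the target really is the daemon.
# Assumes Linux (/proc) and a GNU or busybox `stat` supporting -c.

# safe_pidfile_check PIDFILE TRUSTED_UID SERVICE_UID
#   TRUSTED_UID  uid that must own the PID file and its directory (0 in production)
#   SERVICE_UID  uid the daemon runs as; only a process of that uid may be signalled
# Prints the PID and returns 0 when every check passes, otherwise returns 1.
safe_pidfile_check() {
    pidfile=$1 trusted=$2 svc=$3
    dir=$(dirname "$pidfile")

    # 1. The directory must be owned by the trusted uid and must not be group- or
    #    world-writable. With "checkpath -o rmilter:rmilter" the daemon user could
    #    unlink and recreate the file with any PID it liked (bug 630990).
    info=$(stat -c '%u %a' "$dir") || return 1
    set -- $info
    [ "$1" = "$trusted" ] || { echo "reject: $dir owned by uid $1, not $trusted" >&2; return 1; }
    case $2 in
        *[2367]?|*[2367]) echo "reject: $dir is group/world-writable ($2)" >&2; return 1 ;;
    esac

    # 2. The PID file itself must belong to the trusted uid as well.
    owner=$(stat -c '%u' "$pidfile") || return 1
    [ "$owner" = "$trusted" ] || { echo "reject: $pidfile owned by uid $owner" >&2; return 1; }

    # 3. The content must be one positive integer; anything else is not a PID.
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case $pid in
        ''|*[!0-9]*) echo "reject: PID file content is not a PID" >&2; return 1 ;;
    esac

    # 4. The live process must run as the service uid. A root-owned process is
    #    never signalled on the strength of a PID file alone.
    [ -r "/proc/$pid/status" ] || { echo "reject: no process $pid" >&2; return 1; }
    puid=$(awk '/^Uid:/ { print $2 }' "/proc/$pid/status")
    [ "$puid" = "$svc" ] || { echo "reject: pid $pid runs as uid $puid, not $svc" >&2; return 1; }

    echo "$pid"
}

# Usage from a stop() routine (production values): only signal what passed the checks.
# if pid=$(safe_pidfile_check /run/rmilter/rmilter.pid 0 "$(id -u rmilter)"); then
#     kill -TERM "$pid"
# fi
```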
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-06-11 21:12:58 UTC
Maintainer: Ping.
Comment 2 Dirkjan Ochtman (RETIRED) gentoo-dev 2020-06-14 20:14:08 UTC
Note that rmilter has been deprecated as of rspamd 1.6 and you should instead use the rspamd proxy feature. rmilter isn't even guaranteed to work with rspamd 1.7+. We should probably last rite this package to make people aware it's no longer being maintained, and I'm not sure it makes sense to fix this up now.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-06-14 20:46:54 UTC
Thanks. CCing treecleaners.
Comment 4 Larry the Git Cow gentoo-dev 2020-08-04 02:43:50 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=050a723767e661038df740440b33f5f1982d1482

commit 050a723767e661038df740440b33f5f1982d1482
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-08-04 01:03:56 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-08-04 02:43:10 +0000

    profiles/package.mask: last-rite mail-filter/rmilter
    
    Bug: https://bugs.gentoo.org/630990
    Bug: https://bugs.gentoo.org/600578
    Signed-off-by: Sam James <sam@gentoo.org>

 profiles/package.mask | 6 ++++++
 1 file changed, 6 insertions(+)
Comment 5 Larry the Git Cow gentoo-dev 2020-09-04 00:10:50 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7a5dc2ad5193e7b6c771ae2c36bc46573f45cbe7

commit 7a5dc2ad5193e7b6c771ae2c36bc46573f45cbe7
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-09-04 00:07:35 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-09-04 00:08:56 +0000

    mail-filter/rmilter: remove last-rited pkg
    
    Bug: https://bugs.gentoo.org/600578
    Bug: https://bugs.gentoo.org/630990
    Signed-off-by: Sam James <sam@gentoo.org>

 mail-filter/rmilter/Manifest                 |  2 --
 mail-filter/rmilter/files/rmilter.initd      | 27 -----------------
 mail-filter/rmilter/files/rmilter.initd-r1   | 25 ----------------
 mail-filter/rmilter/files/rmilter.initd-r2   | 26 ----------------
 mail-filter/rmilter/metadata.xml             | 15 ----------
 mail-filter/rmilter/rmilter-1.10.0-r1.ebuild | 45 ----------------------------
 mail-filter/rmilter/rmilter-1.10.0-r2.ebuild | 45 ----------------------------
 mail-filter/rmilter/rmilter-1.10.0.ebuild    | 45 ----------------------------
 mail-filter/rmilter/rmilter-1.9.2.ebuild     | 45 ----------------------------
 mail-filter/rmilter/rmilter-9999.ebuild      | 45 ----------------------------
 profiles/package.mask                        |  6 ----
 11 files changed, 326 deletions(-)
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-09-04 01:34:23 UTC
Tree is cleaned.