Bug 631146 - <net-analyzer/prometheus-node_exporter-0.14.0-r1: privilege escalation via PID file manipulation
Status: RESOLVED FIXED
Product: Gentoo Security
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: ~2 [noglsa]
Reported: 2017-09-16 18:43 UTC by Michael Orlitzky
Modified: 2017-09-24 13:54 UTC

Description Michael Orlitzky gentoo-dev 2017-09-16 18:43:47 UTC
The init script for prometheus-node_exporter gives ownership of its PID file directory to its runtime $user:

  start_pre() {
      checkpath -d -m 0755 -o "${user}":"${group}" "${pidfile%/*}"
  }

That can be exploited by $user to kill root processes, since when the service is stopped, root will send a SIGTERM to the contents of the PID file (which are controlled by $user).

Fortunately, the call to checkpath above is superfluous, and the PID file is already created as root. The vulnerability can be avoided by deleting start_pre() and then setting

  pidfile="/run/${RC_SVCNAME}.pid"

at the top of the init script.

Some unrelated suggestions:

  1. Update the deprecated SVCNAME to RC_SVCNAME.
  2. Use the command_user variable instead of passing --user and --group to
     start-stop-daemon.
  3. The

       user=${user:-default}

     construct can also be written

       : ${user:=default}

  4. Changing $user and $group won't work because the log file permissions
     will be wrong. If it's all the same, you might just hard-code those
     variables to "${PN}".
  5. One of "need net" and "after net" is redundant.
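The following is an added example, not code from the bug report or from the Gentoo init script: a defensive check an init script can run before it signals a PID read from a pidfile. It refuses to act when the pidfile directory or file is owned by someone else or is group/world writable (the condition the checkpath -o "${user}" call above created), when the file does not hold exactly one integer, or when the process does not run as the service user. It assumes Linux (/proc) and a POSIX sh with ls and id; the service user name is supplied by the caller.

```shell
#!/bin/sh
# Added example for bug 631146 (not code from the report or the Gentoo init
# script): a defensive check an init script can run before it signals the PID
# read from a pidfile.  Assumes Linux (/proc) and a POSIX sh with ls and id.

# owned_and_private PATH -> 0 if PATH is owned by the calling user and is not
# writable by group or others.  Parses `ls -ld`: field 1 is the mode string
# (char 6 = group write bit, char 9 = other write bit), field 3 is the owner.
owned_and_private() {
    set -- $(ls -ld "$1" 2>/dev/null)
    [ $# -ge 3 ] || return 1
    case $1 in ?????w*|????????w*) return 1 ;; esac
    [ "$3" = "$(id -un)" ]
}

# pid_user PID -> prints the user that owns process PID (empty if none).
# /proc/PID is owned by the process's uid for an ordinary (dumpable) process.
pid_user() {
    set -- $(ls -ld "/proc/$1" 2>/dev/null)
    [ $# -ge 3 ] && printf '%s\n' "$3"
}

# check_pidfile PIDFILE SERVICE_USER -> 0 only if the PID may safely be signalled:
#   - PIDFILE is absolute, and both its directory and the file itself pass
#     owned_and_private (the directory check is exactly what handing the
#     directory to "${user}" in the report defeated);
#   - the file holds exactly one integer greater than 1, so no "-1", "0", "1"
#     or "123 456" contents ever reach kill;
#   - the process with that PID runs as SERVICE_USER, so a PID belonging to a
#     root process is refused when the service runs unprivileged.
check_pidfile() {
    pidfile=$1
    svcuser=$2
    case $pidfile in /*) ;; *) return 1 ;; esac
    owned_and_private "${pidfile%/*}" || return 1
    owned_and_private "$pidfile" || return 1
    pid=$(head -n 1 "$pidfile" 2>/dev/null)
    case $pid in ''|*[!0-9]*) return 1 ;; esac
    [ "$pid" -gt 1 ] || return 1
    [ "$(pid_user "$pid")" = "$svcuser" ]
}
```

In an OpenRC script this would sit in stop_pre(), with the real pidfile and command_user, so that a rejected file aborts the stop instead of signalling whatever PID was written there.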
Comment 1 Manuel Rüger (RETIRED) gentoo-dev 2017-09-18 10:50:04 UTC
commit 8967a1329a6967ad83e68a8bb4ef49407f4121fe (HEAD -> master, origin/master, origin/HEAD)
Author: Manuel Rüger <mrueg@gentoo.org>
Date:   Mon Sep 18 12:49:33 2017 +0200

    net-analyzer/prometheus-node_exporter: Remove old
    
    Package-Manager: Portage-2.3.8, Repoman-2.3.3

commit 1b7db743e9c14944f1f08739408e266bdd996550
Author: Manuel Rüger <mrueg@gentoo.org>
Date:   Mon Sep 18 12:49:20 2017 +0200

    net-analyzer/prometheus-node_exporter: Update init scripts wrt bug 631146
    
    Package-Manager: Portage-2.3.8, Repoman-2.3.3