Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 490210 Details for
Bug 628558
app-admin/logstash-bin: root privilege escalation via init script
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
logstash-bin-fix-628558.diff
logstash-bin-fix-628558.diff (text/plain), 2.07 KB, created by
Ferenc Erki
on 2017-08-23 10:54:12 UTC
(
hide
)
Description:
logstash-bin-fix-628558.diff
Filename:
MIME Type:
Creator:
Ferenc Erki
Created:
2017-08-23 10:54:12 UTC
Size:
2.07 KB
patch
obsolete
>diff --git a/app-admin/logstash-bin/files/logstash.initd b/app-admin/logstash-bin/files/logstash.initd >index 0a0f7ad..fcee67c 100644 >--- a/app-admin/logstash-bin/files/logstash.initd >+++ b/app-admin/logstash-bin/files/logstash.initd >@@ -38,7 +38,7 @@ checkconfig() { > fi > > ebegin "Checking your configuration" >- ${command} ${command_args} --config.test_and_exit >+ ${command} ${command_args} --path.logs "${LS_LOG_DIR}/configcheck" --config.test_and_exit > eend $? "Configuration error. Please fix your configuration files." > } > >@@ -54,12 +54,10 @@ start_pre() { > > rc_ulimit="-n ${LS_OPEN_FILES}" > >- local d >- for d in "${LS_INSTALL_DIR}/data" "$(dirname "${pidfile}")" "${LS_LOG_DIR}"; do >- checkpath -d -o "${LS_USER}":"${LS_GROUP}" -m750 "$d" >- chown -R "${LS_USER}":"${LS_GROUP}" "$d" >- done >- >+ checkpath -d -o root:root "$(dirname "${pidfile}")" >+ checkpath -d -o "${LS_USER}":"${LS_GROUP}" "${LS_INSTALL_DIR}/data" >+ checkpath -d -o "${LS_USER}":"${LS_GROUP}" "${LS_INSTALL_DIR}/data/queue" >+ checkpath -d -o "${LS_USER}":"${LS_GROUP}" "${LS_LOG_DIR}" > } > > stop() { >diff --git a/app-admin/logstash-bin/logstash-bin-5.4.3-r1.ebuild b/app-admin/logstash-bin/logstash-bin-5.4.3-r1.ebuild >index f8c948c..b8553e5 100644 >--- a/app-admin/logstash-bin/logstash-bin-5.4.3-r1.ebuild >+++ b/app-admin/logstash-bin/logstash-bin-5.4.3-r1.ebuild >@@ -52,9 +52,10 @@ src_install() { > } > > pkg_postinst() { >- ewarn "The default user changed from root to ${MY_PN}. If you wish to run as root (for" >- ewarn "example to read local logs), be sure to change LS_USER and LS_GROUP in" >- ewarn "${EROOT%/}/etc/conf.d/${MY_PN}" >+ ewarn "The default user changed from root to ${MY_PN}. Please ensure proper permissions" >+ ewarn "for any input or output files, including the own logs of ${MY_PN}." >+ ewarn "If you wish to run as root (for example to read local logs), be sure to change" >+ ewarn "LS_USER and LS_GROUP in ${EROOT%/}/etc/conf.d/${MY_PN}." > ewarn > ewarn "Self installed plugins are removed during Logstash upgrades (Bug #622602)" > ewarn "Install the plugins via eselect module that will automatically re-install"
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 628558
:
490192
| 490210