Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 505596 Details for
Bug 638186
<net-analyzer/icinga-1.14.2: root privilege escalation via insecure permissions
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
proposed patch
icinga.patch (text/plain), 4.73 KB, created by
Matthew Thode ( prometheanfire )
on 2017-11-22 02:54:44 UTC
(
hide
)
Description:
proposed patch
Filename:
MIME Type:
Creator:
Matthew Thode ( prometheanfire )
Created:
2017-11-22 02:54:44 UTC
Size:
4.73 KB
patch
obsolete
>--- icinga-1.14.0.ebuild 2017-05-18 01:21:29.561517741 -0500 >+++ icinga-1.14.0.ebuild 2017-11-21 20:52:58.161690521 -0600 >@@ -1,7 +1,7 @@ > # Copyright 1999-2017 Gentoo Foundation > # Distributed under the terms of the GNU General Public License v2 > >-EAPI=5 >+EAPI=6 > > inherit depend.apache eutils multilib pax-utils toolchain-funcs user versionator > >@@ -11,13 +11,12 @@ > #SRC_URI="mirror://sourceforge/${PN}/${PN}-${MY_PV}.tar.gz" > #S=${WORKDIR}/${PN}-${MY_PV} > #SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" >-SRC_URI="https://github.com/${PN}/${PN}-core/archive/v${PV}/${P}.tar.gz >- https://dev.gentoo.org/~prometheanfire/dist/patches/CVEs/CVE-2015-8010_1.13.3.patch" >+SRC_URI="https://github.com/${PN}/${PN}-core/archive/v${PV}/${P}.tar.gz" > S="${WORKDIR}/${PN}-core-${PV}" > > LICENSE="GPL-2" > SLOT="0" >-KEYWORDS="amd64 ~arm ~hppa ~ppc ~ppc64 x86" >+KEYWORDS="~amd64 ~arm ~hppa ~ppc ~ppc64 ~x86" > IUSE="+apache2 contrib eventhandler +idoutils lighttpd +mysql perl +plugins postgres ssl +vim-syntax +web" > DEPEND="idoutils? ( dev-db/libdbi-drivers[mysql?,postgres?] ) > perl? ( dev-lang/perl:= ) >@@ -45,6 +44,7 @@ > > src_prepare() { > epatch "${FILESDIR}/fix-prestripped-binaries-1.7.0.patch" >+ eapply_user > } > > src_configure() { >@@ -100,72 +100,72 @@ > src_compile() { > tc-export CC > >- emake icinga || die "make failed" >+ emake icinga > > if use web ; then >- emake DESTDIR="${D}" cgis || die >+ emake DESTDIR="${D}" cgis > fi > > if use contrib ; then >- emake DESTDIR="${D}" -C contrib || die >+ emake DESTDIR="${D}" -C contrib > fi > > if use idoutils ; then >- emake DESTDIR="${D}" idoutils || die >+ emake DESTDIR="${D}" idoutils > fi > } > > src_install() { >- dodoc Changelog README UPGRADING || die >+ dodoc Changelog README UPGRADING > > if ! use web ; then >- sed -i -e '/cd $(SRC_\(CGI\|HTM\))/d' Makefile || die >+ sed -i -e '/cd $(SRC_\(CGI\|HTM\))/d' Makefile > fi > >- emake DESTDIR="${D}" install{,-config,-commandmode} || die >+ emake DESTDIR="${D}" install{,-config,-commandmode} > > if use idoutils ; then >- emake DESTDIR="${D}" install-idoutils || die >+ emake DESTDIR="${D}" install-idoutils > fi > > if use contrib ; then >- emake DESTDIR="${D}" -C contrib install || die >+ emake DESTDIR="${D}" -C contrib install > fi > > if use eventhandler ; then >- emake DESTDIR="${D}" install-eventhandlers || die >+ emake DESTDIR="${D}" install-eventhandlers > fi > >- newinitd "${FILESDIR}"/icinga-init.d icinga || die >- newconfd "${FILESDIR}"/icinga-conf.d icinga || die >+ newinitd "${FILESDIR}"/icinga-init.d icinga >+ newconfd "${FILESDIR}"/icinga-conf.d icinga > if use idoutils ; then >- newinitd "${FILESDIR}"/ido2db-init.d ido2db || die >- newconfd "${FILESDIR}"/ido2db-conf.d ido2db || die >+ newinitd "${FILESDIR}"/ido2db-init.d ido2db >+ newconfd "${FILESDIR}"/ido2db-conf.d ido2db > insinto /usr/share/icinga/contrib/db >- doins -r module/idoutils/db/* || die >+ doins -r module/idoutils/db/* > fi > # Apache Module > if use web ; then > if use apache2 ; then > insinto "${APACHE_MODULES_CONFDIR}" >- newins "${FILESDIR}"/icinga-apache.conf 99_icinga.conf || die >+ newins "${FILESDIR}"/icinga-apache.conf 99_icinga.conf > elif use lighttpd ; then > insinto /etc/lighttpd >- newins "${FILESDIR}"/icinga-lighty.conf lighttpd_icinga.conf || die >+ newins "${FILESDIR}"/icinga-lighty.conf lighttpd_icinga.conf > else > ewarn "${CATEGORY}/${PF} only supports Apache-2.x or Lighttpd webserver" > ewarn "out-of-the-box. Since you are not using one of them, you" > ewarn "have to configure your webserver accordingly yourself." > fi >- fowners -R root:root /usr/$(get_libdir)/icinga || die >- cd "${D}" || die >+ fowners -R root:root /usr/$(get_libdir)/icinga >+ cd "${D}" > find usr/$(get_libdir)/icinga -type d -exec fperms 755 {} + > find usr/$(get_libdir)/icinga/cgi-bin -type f -exec fperms 755 {} + > fi > > if use eventhandler ; then >- dodir /etc/icinga/eventhandlers || die >- fowners icinga:icinga /etc/icinga/eventhandlers || die >+ dodir /etc/icinga/eventhandlers >+ fowners icinga:icinga /etc/icinga/eventhandlers > fi > > keepdir /etc/icinga >@@ -182,11 +182,17 @@ > webserver=icinga > fi > >- fowners icinga:icinga /var/lib/icinga || die "Failed chown of /var/lib/icinga" >- fowners -R icinga:${webserver} /var/lib/icinga/rw || die "Failed chown of /var/lib/icinga/rw" >+ fowners icinga:icinga /var/lib/icinga >+ fowners -R icinga:${webserver} /var/lib/icinga/rw > >- fperms 6755 /var/lib/icinga/rw || die "Failed Chmod of ${D}/var/lib/icinga/rw" >- fperms 0750 /etc/icinga || die "Failed chmod of ${D}/etc/icinga" >+ fperms 6755 /var/lib/icinga/rw >+ >+ # ensure ownership >+ fowners -R root:root /etc/icinga >+ fperms 0750 /etc/icinga >+ fowners -R root:root /usr/sbin >+ fowners -R root:root /usr/$(get_libdir) >+ fowners -R root:root /usr/share/icinga/htdocs > > # paxmarks > if use idoutils ; then
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=505596">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 638186
: 505596
