Summary: | <mail-filter/opendkim-2.10.3-r8: privilege escalation via PID file manipulation | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Michael Orlitzky <mjo> | ||||||||||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||||||||||
Status: | RESOLVED FIXED | ||||||||||||||
Severity: | normal | CC: | gentoo, klondike, net-mail+disabled, proxy-maint | ||||||||||||
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
||||||||||||
Version: | unspecified | ||||||||||||||
Hardware: | All | ||||||||||||||
OS: | Linux | ||||||||||||||
Whiteboard: | B3 [glsa+] | ||||||||||||||
Package list: |
=mail-filter/opendkim-2.10.3-r8
|
Runtime testing required: | --- | ||||||||||||
Attachments: |
|
Description
Michael Orlitzky
2017-09-04 20:46:50 UTC
Created attachment 492372 [details]
opendkim.confd
Created attachment 492374 [details]
opendkim.init.r4
Created attachment 492376 [details]
opendkim.service.conf
Created attachment 492378 [details]
opendkim-r2.service
@Maintainers please call for stabilization when ready. Gentoo Security Padawan ChrisADR The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=28706fe998d7ea18549d78aa1bfee4da6bb18ffa commit 28706fe998d7ea18549d78aa1bfee4da6bb18ffa Author: Michael Orlitzky <mjo@gentoo.org> AuthorDate: 2019-03-27 15:48:17 +0000 Commit: Michael Orlitzky <mjo@gentoo.org> CommitDate: 2019-03-27 17:18:07 +0000 mail-filter/opendkim: new revision to overhaul service scripts. The OpenRC service script has been largely rewritten in this revision, to solve a number of problems: * The PID file is now stored securely (bug 629914). * Different PID files are used for multiple instances (bug 536162). * The detection of boolean options in the config file is more robust, allowing "1", "0", "yes", "false", et cetera. * The socket is now located in a conf.d file, rather than parsed from the config file. The service script ensures that the directory containing the socket has the correct permissions, and the conf.d file comes with a big warning to that effect. Note that the (commented- out) example directory IS NOT shared with the PID file. * An error is thrown if we can't remove a stale socket. * Modern OpenRC service script standards have been adopted. Some minor changes have been made to the systemd service for consistency, but none of them have been tested. More work needs to be done here anyway; for example, we most likely want a tmpfiles.d entry for the local socket directory if the user configures one. This should be documented in opendkim.service.conf, and tested by someone who uses systemd. Closes: https://bugs.gentoo.org/536162 Bug: https://bugs.gentoo.org/629914 Signed-off-by: Michael Orlitzky <mjo@gentoo.org> Package-Manager: Portage-2.3.62, Repoman-2.3.11 .../{opendkim-r2.service => opendkim-r3.service} | 2 +- mail-filter/opendkim/files/opendkim.confd | 18 ++++++ mail-filter/opendkim/files/opendkim.init.r4 | 55 ---------------- mail-filter/opendkim/files/opendkim.init.r5 | 73 ++++++++++++++++++++++ mail-filter/opendkim/files/opendkim.service.conf | 2 + ...-2.10.3-r6.ebuild => opendkim-2.10.3-r7.ebuild} | 26 ++++---- 6 files changed, 109 insertions(+), 67 deletions(-) @Michael, thank you for the thorough commit log and work on all the various PID file issues in the tree! @arches, please stabilize. amd64 stable x86 stable Arches, Thank you for your work. New GLSA Request filed. Maintainer(s), please drop the vulnerable version(s). The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d424c81f020cada007c5ca23be5acc73f4cf6600 commit d424c81f020cada007c5ca23be5acc73f4cf6600 Author: Michael Orlitzky <mjo@gentoo.org> AuthorDate: 2019-04-06 11:31:17 +0000 Commit: Michael Orlitzky <mjo@gentoo.org> CommitDate: 2019-04-06 11:31:38 +0000 mail-filter/opendkim: remove old vulnerable revision. Bug: https://bugs.gentoo.org/629914 Bug: https://bugs.gentoo.org/629888 Signed-off-by: Michael Orlitzky <mjo@gentoo.org> Package-Manager: Portage-2.3.62, Repoman-2.3.11 mail-filter/opendkim/opendkim-2.10.3-r3.ebuild | 204 ------------------------- 1 file changed, 204 deletions(-) This issue was resolved and addressed in GLSA 201904-22 at https://security.gentoo.org/glsa/201904-22 by GLSA coordinator Aaron Bauman (b-man). |