
Bug 630796

Summary: dev-db/couchdb: privilege escalation via PID file manipulation
Product: Gentoo Security
Reporter: Michael Orlitzky <mjo>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: maintainer-needed, treecleaner
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B3 [glsa+]
Package list:
Runtime testing required: ---
Attachments:
  couchdb.conf-3 (flags: none)
  couchdb.init-5 (flags: none)

Description Michael Orlitzky gentoo-dev 2017-09-12 12:16:52 UTC
Created attachment 494220 [details]
couchdb.conf-3

The couchdb init script gives ownership of its PID file directory to the $COUCHDB_USER:

  COUCHDB_PID_FILE="/var/run/couchdb/couchdb.pid"

  start_pre() {
      checkpath -q -d -m 0755 -o ${COUCHDB_USER} /var/run/couchdb
  }

This can be exploited by the $COUCHDB_USER to kill root processes, since when you stop the service, root will send a SIGTERM to the contents of that PID file.

I've rewritten the init script to work around this issue by running the daemon in the foreground, and by having OpenRC manage the PID file (which now gets written, as root, to /run/couchdb.pid).

I made one other clean-up, and removed "need net" from the depend() function. The daemon listens on 127.0.0.1 by default, and "need net" actually doesn't include the loopback interface. So "need net" requires an interface you need -- but more importantly, would stop CouchDB when the interface you don't need goes down. (There's a bug with alias "need-net" about this.) Instead, I added

  rc_need="net.lo"

to the conf.d file, and left a comment that you should specify whatever interface matches your bind_address. That will ensure that you require (only) the interface that you need.
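The hazard in the description is that root's stop() trusts the contents of a file the service user can overwrite. Besides moving the PID file to a root-owned location (the fix the reporter attached), an init script can refuse to signal a PID it cannot vouch for. The functions below are an added example written for this page, not code from the couchdb.init-5 attachment or from OpenRC; they assume Linux (a process's uid is read from the owner of its /proc entry) and GNU coreutils stat, and the checked layout is the fixed one, where root writes the PID file and the service user owns neither the file nor its directory.

```shell
#!/bin/sh
# Added example (not the couchdb.init-5 attachment): checks a stop() routine
# can run before signalling the PID read from a file that might live in a
# directory the service user owns. Assumes Linux (/proc) and GNU coreutils stat.

# Return 0 if PATH is owned by UID or is world-writable, meaning a process
# running as UID could replace its contents; 1 otherwise.
controlled_by_uid() {
    path=$1
    uid=$2
    [ -e "$path" ] || return 1
    owner=$(stat -c '%u' "$path") || return 1
    mode=$(stat -c '%a' "$path") || return 1
    if [ "$owner" -eq "$uid" ]; then
        return 0
    fi
    # Last octal digit of the mode is the "other" class; bit 2 is write.
    other=${mode#"${mode%?}"}
    case $other in
        2|3|6|7) return 0 ;;
    esac
    return 1
}

# Return 0 only if PIDFILE holds a single integer that names a live process
# whose /proc entry is owned by UID; empty files, garbage and PIDs of other
# users (root in particular) are rejected.
pidfile_names_process_of() {
    pidfile=$1
    uid=$2
    [ -f "$pidfile" ] || return 1
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ -d "/proc/$pid" ] || return 1
    proc_uid=$(stat -c '%u' "/proc/$pid") || return 1
    [ "$proc_uid" -eq "$uid" ]
}

# Gate for stop(): refuse if the PID file or its directory is under the
# service user's control (the situation in the report), or if the recorded
# PID does not belong to a process running as that user.
pidfile_safe_to_signal() {
    pidfile=$1
    uid=$2
    dir=$(dirname "$pidfile")
    if controlled_by_uid "$dir" "$uid"; then
        return 1
    fi
    if controlled_by_uid "$pidfile" "$uid"; then
        return 1
    fi
    pidfile_names_process_of "$pidfile" "$uid"
}
```

A stop() would call `pidfile_safe_to_signal "$pidfile" "$(id -u "$COUCHDB_USER")"` and only then `kill "$(cat "$pidfile")"`. With the original layout (directory chowned to $COUCHDB_USER) the gate always refuses, which is the point: a PID file the service user can rewrite is never a safe input to a root kill, whatever it happens to contain right now.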
Comment 1 Michael Orlitzky gentoo-dev 2017-09-12 12:17:26 UTC
Created attachment 494222 [details]
couchdb.init-5
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2018-12-11 13:24:35 UTC
Package removed wrt #594624.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2018-12-15 20:09:12 UTC
This issue was resolved and addressed in
 GLSA 201812-06 at https://security.gentoo.org/glsa/201812-06
by GLSA coordinator Aaron Bauman (b-man).