Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 603268 - net-firewall/ebtables: init script should use checkpath instead of touch/chmod
Summary: net-firewall/ebtables: init script should use checkpath instead of touch/chmod
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo's Team for Core System packages
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-12-20 23:21 UTC by Michael Orlitzky
Modified: 2016-12-20 23:21 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Orlitzky gentoo-dev 2016-12-20 23:21:22 UTC
The init script for ebtables uses touch and chmod to create a file with mode 0600:

  save() {
      ebegin "Saving ebtables state"
      touch "${ebtables_save}"
      chmod 0600 "${ebtables_save}"
      ...

A call to "checkpath" from OpenRC (man openrc-run) would be more appropriate there. It's more portable, being part of OpenRC, and more secure. There's no issue here, but in general, chmod will follow symlinks and so calling it automatically as root in an init script is asking for trouble.