Just noticed mtinkd puts its runtime data in its own subdirectory of /var and /var/run, but look at this...
if ( access("/var/run/mtink", O_RDONLY) == -1 )
um = umask(0);
if ( mkdir("/var/run/mtink", 0777) == -1 )
if ( debug )
fprintf(stderr,"can't create directory /var/run/mtink\n");
I don't see why he's so keen to have 0777, but anyway, that could be forgivable with some safe tmp file handling...
if ( (fp = fopen(runFile, "w")) )
create a file anywhere
$ ln -s /etc/nologin epson
$ file epson
epson: broken symbolic link to `/etc/nologin'
<wait for root to start mtinkd>
$ file epson
epson: symbolic link to `/etc/nologin'
overwrite any file
$ ln -s /etc/passwd epson
There's probably a local root in there somewhere, and it looks like you might be able to get it to kill any process on stop, but I haven't tried. The name of the run file and fifo is the NAME variable in /etc/conf.d/mtinkd.
I think the perms on the run directory should be a lot stricter, e.g. 0700. I don't think /var/mtink needs 777 either, perhaps 755 would be better.
Upstream will fix and release a new version in a few days.
Upstream released 1.0.5 to fix the issue:
Printing please bump.
bumped to 1.0.5 and marked stable on x86
Security please draft.
I think the ebuild should chmod /var/run/mtink and /var/mtink in pkg_postinst() to fix the perms for users who are upgrading, just adding "chmod 700 /var/mtink /var/run/mtink 2>/dev/null" should be enough.
good idea, added that