CVE-2016-20015
The initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privileges.
If the ebuild is run as root and the /var/lib/smokeping directory does not exist, the ebuild creates the directory and changes its ownership to root. If the ebuild is run as a non-root user and the /var/lib/smokeping directory exists, the ebuild fails because of the race condition between the ebuild creating the directory and the chown() of the directory. The following initscript solves this race condition: it sets the owner of /var/lib/smokeping to the user “smokeping” and the group “smokeping”. The ebuild will only fail if run as root.
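/etc/init.d/smokeping

#!/bin/sh
#
# /etc/init.d/smokeping - Smokeping init script
#
# chown smokeping:smokeping -R /var/lib/smokeping - Change ownership of the directory to the user "smokeping" and the group "smokeping".
#
start() {
    # Create the directory if it is missing and give it to smokeping.
    if ! test -d "$1"; then
        mkdir "$1"
        chown smokeping:smokeping "$1"
    fi
}

stop() {
    # Remove whatever is at the path when it is not a directory.
    if test ! -d "$1"; then
        rm -rf "$1"
    fi
}

# The functions read the directory from their first argument.
case "$1" in
    start) start /var/lib/smokeping ;;
    stop) stop /var/lib/smokeping ;;
esac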
require smokping.service
Set the user and group of /var/lib/smokeping to be "smokeping"
if [ -e /var/lib/smokeping ]; then
    umask 077
    chown smokeping:smokeping /var/lib/smokeping
fi
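An added example, not taken from the advisory or from the Gentoo package: a pre-flight check that an init script running as root can make before changing ownership under a directory the service user can write to. It assumes the danger is a symlink or an extra hard link placed inside that directory; the function names unsafe_entries and safe_chown are hypothetical.

```shell
#!/bin/sh
# Added example (not the package's init script): refuse to chown a state
# directory when it holds entries that would redirect the ownership change.

# unsafe_entries DIR: print every path that makes a root-run chown unsafe:
#   - DIR itself being a symlink
#   - symlinks anywhere below DIR
#   - regular files with more than one hard link
unsafe_entries() {
    dir=$1
    if [ -L "$dir" ]; then
        printf '%s\n' "$dir"
        return 0
    fi
    [ -d "$dir" ] || return 0
    # find does not follow symlinks unless -L is given.
    find "$dir" \( -type l -o \( -type f -links +1 \) \) -print
}

# safe_chown OWNER DIR: change ownership only if nothing unsafe was found.
# -h makes chown act on a symlink itself instead of its target, as a second
# line of defence should one appear after the check.
safe_chown() {
    owner=$1
    dir=$2
    bad=$(unsafe_entries "$dir")
    if [ -n "$bad" ]; then
        printf 'refusing to chown %s, unsafe entries:\n%s\n' "$dir" "$bad" >&2
        return 1
    fi
    chown -h -R "$owner" "$dir"
}
```

The check and the chown are still two separate steps, so this narrows the race rather than closing it. The robust fix is for root never to run chown on a directory the service user can already write to.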
Install the Initscript
First, add the following to your ebuild:
src_prep() {
    mkdir -p /var/lib/smokeping
    chown smokeping /var/lib/smokeping
}
Now install the initscript into the init.d directory by running these commands.
wget https://raw.githubusercontent.com/SmokePing/smokeping-pkgs-latest/master/init.d/.instsnapshot
mv .instsnapshot init.d/.instsnapshot
sed -i 's|#!.*bin|#!/bin|g' "$pkgdir/$pkgname-$version.ebuild"
cd "$pkgdir/$pkgname-$version" && make prepare && make install DESTDIR="$pkgdir"
Timeline
Published on: 09/20/2022 18:15:00 UTC
Last modified on: 09/22/2022 00:19:00 UTC