Attachment 9453 Details for Bug 20050 – Fix for CVE-2016-10089

Fix for CVE-2016-10089

daemon-init.in.diff (text/plain), 1.92 KB, created by David Walser on 2017-07-02 16:24:22 CEST

(hide)

Description:

Filename:

MIME Type:

Creator: David Walser

Created: 2017-07-02 16:24:22 CEST

Size: 1.92 KB

patch

obsolete

>--- daemon-init.in.orig	2017-07-02 10:22:23.077167544 -0400
>+++ daemon-init.in	2017-07-02 10:22:24.714162276 -0400
>@@ -91,6 +91,10 @@ check_config ()
> 		echo "ERROR: Could not delete '$NagiosCfgtestFile'"
> 		exit 8
> 	fi
>+	if ! su $NagiosUser -c "touch $NagiosCfgtestFile"; then
>+		echo "ERROR: Could not create or update '$NagiosCfgtestFile'"
>+		exit 8
>+	fi
> 
> 	TMPFILE=$(mktemp /tmp/.configtest.XXXXXXXX)
> 	$NagiosBin -vp $NagiosCfgFile > "$TMPFILE"
>@@ -99,24 +103,18 @@ check_config ()
> 
> 	if test "$WARN" = "0" && test "${ERR}" = "0"; then
> 		echo "OK - Configuration check verified" > $NagiosCfgtestFile
>-		chmod 0644 $NagiosCfgtestFile
>-		chown -h $NagiosUser:$NagiosGroup $NagiosCfgtestFile
> 		/bin/rm "$TMPFILE"
> 		return 0
> 	elif test "${ERR}" = "0"; then
> 		# Write the errors to a file we can have a script watching for.
> 		echo "WARNING: Warnings in config files - see log for details: $NagiosCfgtestFile" > $NagiosCfgtestFile
> 		egrep -i "(^warning|^error)" "$TMPFILE" >> $NagiosCfgtestFile
>-		chmod 0644 $NagiosCfgtestFile
>-		chown -h $NagiosUser:$NagiosGroup $NagiosCfgtestFile
> 		/bin/rm "$TMPFILE"
> 		return 0
> 	else
> 		# Write the errors to a file we can have a script watching for.
> 		echo "ERROR: Errors in config files - see log for details: $NagiosCfgtestFile" > $NagiosCfgtestFile
> 		egrep -i "(^warning|^error)" "$TMPFILE" >> $NagiosCfgtestFile
>-		chmod 0644 $NagiosCfgtestFile
>-		chown -h $NagiosUser:$NagiosGroup $NagiosCfgtestFile
> 		cat "$TMPFILE"
> 		exit 8
> 	fi
>@@ -209,10 +207,9 @@ case "$1" in
> 			fi
> 		fi
> 
>-		touch $NagiosVarDir/nagios.log $NagiosRetentionFile
>+		su $NagiosUser -c "touch $NagiosVarDir/nagios.log $NagiosRetentionFile"
> 		remove_commandfile
>-		touch $NagiosRunFile
>-		chown -h $NagiosUser:$NagiosGroup $NagiosRunFile $NagiosVarDir/nagios.log $NagiosRetentionFile
>+		su $NagiosUser -c "touch $NagiosRunFile"
> 		$NagiosBin -d $NagiosCfgFile
> 		if [ -d $NagiosLockDir ]; then touch $NagiosLockDir/$NagiosLockFile; fi
>

--- daemon-init.in.orig	2017-07-02 10:22:23.077167544 -0400
+++ daemon-init.in	2017-07-02 10:22:24.714162276 -0400
@@ -91,6 +91,10 @@ check_config ()
 		echo "ERROR: Could not delete '$NagiosCfgtestFile'"
 		exit 8
 	fi
+	if ! su $NagiosUser -c "touch $NagiosCfgtestFile"; then
+		echo "ERROR: Could not create or update '$NagiosCfgtestFile'"
+		exit 8
+	fi
 
 	TMPFILE=$(mktemp /tmp/.configtest.XXXXXXXX)
 	$NagiosBin -vp $NagiosCfgFile > "$TMPFILE"
@@ -99,24 +103,18 @@ check_config ()
 
 	if test "$WARN" = "0" && test "${ERR}" = "0"; then
 		echo "OK - Configuration check verified" > $NagiosCfgtestFile
-		chmod 0644 $NagiosCfgtestFile
-		chown -h $NagiosUser:$NagiosGroup $NagiosCfgtestFile
 		/bin/rm "$TMPFILE"
 		return 0
 	elif test "${ERR}" = "0"; then
 		# Write the errors to a file we can have a script watching for.
 		echo "WARNING: Warnings in config files - see log for details: $NagiosCfgtestFile" > $NagiosCfgtestFile
 		egrep -i "(^warning|^error)" "$TMPFILE" >> $NagiosCfgtestFile
-		chmod 0644 $NagiosCfgtestFile
-		chown -h $NagiosUser:$NagiosGroup $NagiosCfgtestFile
 		/bin/rm "$TMPFILE"
 		return 0
 	else
 		# Write the errors to a file we can have a script watching for.
 		echo "ERROR: Errors in config files - see log for details: $NagiosCfgtestFile" > $NagiosCfgtestFile
 		egrep -i "(^warning|^error)" "$TMPFILE" >> $NagiosCfgtestFile
-		chmod 0644 $NagiosCfgtestFile
-		chown -h $NagiosUser:$NagiosGroup $NagiosCfgtestFile
 		cat "$TMPFILE"
 		exit 8
 	fi
@@ -209,10 +207,9 @@ case "$1" in
 			fi
 		fi
 
-		touch $NagiosVarDir/nagios.log $NagiosRetentionFile
+		su $NagiosUser -c "touch $NagiosVarDir/nagios.log $NagiosRetentionFile"
 		remove_commandfile
-		touch $NagiosRunFile
-		chown -h $NagiosUser:$NagiosGroup $NagiosRunFile $NagiosVarDir/nagios.log $NagiosRetentionFile
+		su $NagiosUser -c "touch $NagiosRunFile"
 		$NagiosBin -d $NagiosCfgFile
 		if [ -d $NagiosLockDir ]; then touch $NagiosLockDir/$NagiosLockFile; fi

Actions: View

Attachments on bug 20050: 9453