Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FIX: intelmqsetup - never take ownership of / #2355

Merged
merged 2 commits into from
May 8, 2023
Merged

FIX: intelmqsetup - never take ownership of / #2355

merged 2 commits into from
May 8, 2023

Conversation

kamil-certat
Copy link
Contributor

The tool intelmqsetup wants to change the owner ROOT_DIR path.
If instructed to install IntelMQ in LSB-style paths, it's set
to the '/' resulting in changing the owner of system root to
intelmq.

This case is rare to happen (requires explixitly set INTELMQ_PATHS_NO_OPT
variable and using PIP package or directly the source code,
as the native package doesn't contain intelmqsetup), but it's
still potentially dangerous and can cause the system degradation
(e.g. prevents systemd-tmpfiles from working correctly).

Fixes: #2354

@kamil-certat
FIX: intelmqsetup - never take ownership of /
0e69f75 
The tool intelmqsetup wants to change the owner ROOT_DIR path.
If instructed to install IntelMQ in LSB-style paths, it's set
to the '/' resulting in changing the owner of system root to
intelmq.

This case is rare to happen (requires explixitly set INTELMQ_PATHS_NO_OPT
variable and using PIP package or directly the source code,
as the native package doesn't contain intelmqsetup), but it's
still potentially dangerous and can cause the system degradation
(e.g. prevents systemd-tmpfiles from working correctly).

Fixes: certtools#2354
@sebix sebix added this to the 3.1.1 milestone May 3, 2023
@sebix sebix added bug Indicates an unexpected problem or unintended behavior packaging component: core labels May 3, 2023
sebix
sebix requested changes May 3, 2023
View reviewed changes
Copy link
Member

@sebix sebix left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Except for the changelog change suggestion, ready for merge.
Thanks for the tests :)

CHANGELOG.md Outdated Show resolved Hide resolved
intelmq/bin/intelmqsetup.py Show resolved Hide resolved
@kamil-certat @sebix
Update CHANGELOG.md
3bf45c9 
Co-authored-by: Sebastian <[email protected]>
@kamil-certat
Copy link
Contributor Author

@sebix Do you have any questions more, or we could merge it?

@sebix sebix merged commit d9c3108 into certtools:develop May 8, 2023
24 checks passed
@sebix sebix self-assigned this May 16, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sebix sebix sebix approved these changes

Assignees

@sebix sebix

Labels
bug Indicates an unexpected problem or unintended behavior component: core packaging
Projects
None yet
Milestone
3.1.1
Development

Successfully merging this pull request may close these issues.

intelmqsetup changes the root directory ownership
2 participants
@kamil-certat @sebix