From c309a1e0e20fd3af6f21f91db6ad67eddc3a488c Mon Sep 17 00:00:00 2001 From: Tomas Mozes Date: Tue, 26 Sep 2017 13:26:27 +0200 Subject: dev-db/mongodb: prevent privilege escalation (bug #631000) Package-Manager: Portage-2.3.10, Repoman-2.3.3 Closes: https://github.com/gentoo/gentoo/pull/5763 --- dev-db/mongodb/files/mongodb.confd-r3 | 11 +++++++++++ dev-db/mongodb/files/mongodb.initd-r3 | 18 ++++++++++++++++++ dev-db/mongodb/files/mongos.confd-r3 | 11 +++++++++++ dev-db/mongodb/files/mongos.initd-r3 | 18 ++++++++++++++++++ dev-db/mongodb/mongodb-3.0.15.ebuild | 8 ++++---- dev-db/mongodb/mongodb-3.2.16.ebuild | 8 ++++---- dev-db/mongodb/mongodb-3.4.9.ebuild | 8 ++++---- 7 files changed, 70 insertions(+), 12 deletions(-) create mode 100644 dev-db/mongodb/files/mongodb.confd-r3 create mode 100644 dev-db/mongodb/files/mongodb.initd-r3 create mode 100644 dev-db/mongodb/files/mongos.confd-r3 create mode 100644 dev-db/mongodb/files/mongos.initd-r3 (limited to 'dev-db/mongodb') diff --git a/dev-db/mongodb/files/mongodb.confd-r3 b/dev-db/mongodb/files/mongodb.confd-r3 new file mode 100644 index 000000000000..e515d1ddc730 --- /dev/null +++ b/dev-db/mongodb/files/mongodb.confd-r3 @@ -0,0 +1,11 @@ +# !! IMPORTANT !! +# +# This file is ONLY used to override some of the init script configuration. +# +# You should NOT use this file to configure your mongodb instance, +# see the /etc/mongodb.conf file instead. +# +# Available init script modifiers : +# - config_file : the configuration file to use (default : /etc/mongodb.conf) +# - user : the user used to run your mongodb instance (default : mongodb) +# - group : the group used to run your mongodb instance (default : mongodb) diff --git a/dev-db/mongodb/files/mongodb.initd-r3 b/dev-db/mongodb/files/mongodb.initd-r3 new file mode 100644 index 000000000000..778ef7482406 --- /dev/null +++ b/dev-db/mongodb/files/mongodb.initd-r3 @@ -0,0 +1,18 @@ +#!/sbin/openrc-run +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +: ${config_file:="/etc/${RC_SVCNAME}.conf"} +: ${user:=mongodb} +: ${group:=mongodb} + +command="/usr/bin/mongod" +command_args="--config ${config_file}" +command_background="true" +pidfile="/run/${RC_SVCNAME}.pid" +command_user="${user}:${group}" +required_files="${config_file}" + +depend() { + use net +} diff --git a/dev-db/mongodb/files/mongos.confd-r3 b/dev-db/mongodb/files/mongos.confd-r3 new file mode 100644 index 000000000000..7f297dfd3e43 --- /dev/null +++ b/dev-db/mongodb/files/mongos.confd-r3 @@ -0,0 +1,11 @@ +# !! IMPORTANT !! +# +# This file is ONLY used to override some of the init script configuration. +# +# You should NOT use this file to configure your mongos instance, +# see the /etc/mongos.conf file instead. +# +# Available init script modifiers : +# - config_file : the configuration file to use (default : /etc/mongos.conf) +# - user : the user used to run your mongodb instance (default : mongodb) +# - group : the group used to run your mongodb instance (default : mongodb) diff --git a/dev-db/mongodb/files/mongos.initd-r3 b/dev-db/mongodb/files/mongos.initd-r3 new file mode 100644 index 000000000000..cf5844ae30a9 --- /dev/null +++ b/dev-db/mongodb/files/mongos.initd-r3 @@ -0,0 +1,18 @@ +#!/sbin/openrc-run +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +: ${config_file:="/etc/${RC_SVCNAME}.conf"} +: ${user:=mongodb} +: ${group:=mongodb} + +command="/usr/bin/mongos" +command_args="--config ${config_file}" +command_background="true" +pidfile="/run/${RC_SVCNAME}.pid" +command_user="${user}:${group}" +required_files="${config_file}" + +depend() { + use net +} diff --git a/dev-db/mongodb/mongodb-3.0.15.ebuild b/dev-db/mongodb/mongodb-3.0.15.ebuild index 848080d07995..08741ca2af67 100644 --- a/dev-db/mongodb/mongodb-3.0.15.ebuild +++ b/dev-db/mongodb/mongodb-3.0.15.ebuild @@ -111,10 +111,10 @@ src_install() { doman debian/mongo*.1 dodoc README docs/building.md - newinitd "${FILESDIR}/${PN}.initd-r2" ${PN} - newconfd "${FILESDIR}/${PN}.confd-r2" ${PN} - newinitd "${FILESDIR}/${PN/db/s}.initd-r2" ${PN/db/s} - newconfd "${FILESDIR}/${PN/db/s}.confd-r2" ${PN/db/s} + newinitd "${FILESDIR}/${PN}.initd-r3" ${PN} + newconfd "${FILESDIR}/${PN}.confd-r3" ${PN} + newinitd "${FILESDIR}/${PN/db/s}.initd-r3" ${PN/db/s} + newconfd "${FILESDIR}/${PN/db/s}.confd-r3" ${PN/db/s} insinto /etc newins "${FILESDIR}/${PN}.conf-r3" ${PN}.conf diff --git a/dev-db/mongodb/mongodb-3.2.16.ebuild b/dev-db/mongodb/mongodb-3.2.16.ebuild index f18602bddd95..762934559887 100644 --- a/dev-db/mongodb/mongodb-3.2.16.ebuild +++ b/dev-db/mongodb/mongodb-3.2.16.ebuild @@ -129,10 +129,10 @@ src_install() { doman debian/mongo*.1 dodoc README docs/building.md - newinitd "${FILESDIR}/${PN}.initd-r2" ${PN} - newconfd "${FILESDIR}/${PN}.confd-r2" ${PN} - newinitd "${FILESDIR}/${PN/db/s}.initd-r2" ${PN/db/s} - newconfd "${FILESDIR}/${PN/db/s}.confd-r2" ${PN/db/s} + newinitd "${FILESDIR}/${PN}.initd-r3" ${PN} + newconfd "${FILESDIR}/${PN}.confd-r3" ${PN} + newinitd "${FILESDIR}/${PN/db/s}.initd-r3" ${PN/db/s} + newconfd "${FILESDIR}/${PN/db/s}.confd-r3" ${PN/db/s} insinto /etc newins "${FILESDIR}/${PN}.conf-r3" ${PN}.conf diff --git a/dev-db/mongodb/mongodb-3.4.9.ebuild b/dev-db/mongodb/mongodb-3.4.9.ebuild index 8b70cd5e8e22..1e193228dcc2 100644 --- a/dev-db/mongodb/mongodb-3.4.9.ebuild +++ b/dev-db/mongodb/mongodb-3.4.9.ebuild @@ -134,10 +134,10 @@ src_install() { doman debian/mongo*.1 dodoc README docs/building.md - newinitd "${FILESDIR}/${PN}.initd-r2" ${PN} - newconfd "${FILESDIR}/${PN}.confd-r2" ${PN} - newinitd "${FILESDIR}/${PN/db/s}.initd-r2" ${PN/db/s} - newconfd "${FILESDIR}/${PN/db/s}.confd-r2" ${PN/db/s} + newinitd "${FILESDIR}/${PN}.initd-r3" ${PN} + newconfd "${FILESDIR}/${PN}.confd-r3" ${PN} + newinitd "${FILESDIR}/${PN/db/s}.initd-r3" ${PN/db/s} + newconfd "${FILESDIR}/${PN/db/s}.confd-r3" ${PN/db/s} insinto /etc newins "${FILESDIR}/${PN}.conf-r3" ${PN}.conf -- cgit v1.2.3-65-gdbad