From patchwork Fri May 21 13:42:36 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4356 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4Fmnq6485Sz3wbl for ; Fri, 21 May 2021 13:42:42 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4Fmnq61TsRz6ZB; Fri, 21 May 2021 13:42:42 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Fmnq6067Lz2yb8; Fri, 21 May 2021 13:42:42 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Fmnq45V0Lz2xd6 for ; Fri, 21 May 2021 13:42:40 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4Fmnq35Bbdz297 for ; Fri, 21 May 2021 13:42:39 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1621604560; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=gVkNW7N9Jra8MqJFBuL+qLKXW/A4Ojoodt8eLRrLNLs=; b=YtFxUSJ/a0Z8xsQDvwoBbHBoq5hwwcbTt7wpF/MWwB229mnUx21RIOaFRD2hIKQRezQP6L HW9M/F0TTLzmbLDw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1621604560; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=gVkNW7N9Jra8MqJFBuL+qLKXW/A4Ojoodt8eLRrLNLs=; b=eLA/6qex2K0HASdscCZU4nU8b+rvp06bHizP287lZEhxR722WIbcNrsmDRhjEYH1mkj0JK 9vmarfo0Ndzk3vbRMmcSuleSV8UIyxnwAuX6BYYCD8tZTAI0GcyRZiatSPg8yXtmN0SJCd 7+4bDdbbAeI5wijRLXnoTQJ9xlg4h3mAhfww8u+pku3aLAo/u+Fp7YETrNOplGpIetsx1i Dz3KygllKuVPWSfbbyQ+7WuHj642rwgkQTO/2/tF/aQpY0b3vnZtstIC3/I48Zbm8leh6k dEFLvhxVANz5VN4gQvce0linwNv207AiYJET0qXKGS7j9iQSrKnoEs89Q06OZA== Subject: [PATCH 6/6] Icinga: Do not ship event handlers for Nagios To: development@lists.ipfire.org References: <542b1005-b471-30bf-ead7-1c5dd93d457c@ipfire.org> <429b9a37-26f3-5ec4-d82d-99cb4aaa27a7@ipfire.org> <423afb1f-304d-eecf-8db3-3ea5d9353fb8@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: Date: Fri, 21 May 2021 15:42:36 +0200 MIME-Version: 1.0 In-Reply-To: <423afb1f-304d-eecf-8db3-3ea5d9353fb8@ipfire.org> Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" These are owned (hence being writable) by "nobody", posing a potential security risk. Since the files itself were already exluded from being shipped, their parent directory should be as well. This patch should reduce the amount of executable files being owned by nobody to zero after upgrading to Core Update 157. Due to complexity reasons, not all applications available in Pakfire could be tested, though, so your mileage may vary. Signed-off-by: Peter Müller --- config/rootfiles/packages/icinga | 2 +- lfs/icinga | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/rootfiles/packages/icinga b/config/rootfiles/packages/icinga index f81ba9db2..000be6346 100644 --- a/config/rootfiles/packages/icinga +++ b/config/rootfiles/packages/icinga @@ -25,7 +25,7 @@ usr/bin/icinga usr/bin/icingastats #usr/lib/icinga usr/lib/icinga/p1.pl -usr/lib/nagios/plugins/eventhandlers +#usr/lib/nagios/plugins/eventhandlers #usr/lib/nagios/plugins/eventhandlers/disable_active_service_checks #usr/lib/nagios/plugins/eventhandlers/disable_notifications #usr/lib/nagios/plugins/eventhandlers/distributed-monitoring diff --git a/lfs/icinga b/lfs/icinga index 6534722ac..456f66388 100644 --- a/lfs/icinga +++ b/lfs/icinga @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = icinga -PAK_VER = 4 +PAK_VER = 5 DEPS = nagios-plugins