From ef690014b2944b87ab078a71b2e57d2179a6ae66 Mon Sep 17 00:00:00 2001 From: Bryan Heden <bheden@nagios.com> Date: Sun, 2 Jul 2017 10:29:05 -0500 Subject: [PATCH] Applying patch from David Walser via bugs.mageia.org/show_bug.cgi?id=20050 in regards to CVE-2016-10089 --- daemon-init.in | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/daemon-init.in b/daemon-init.in index af1498c5..0ea477bc 100644 --- a/daemon-init.in +++ b/daemon-init.in @@ -91,6 +91,10 @@ check_config () echo "ERROR: Could not delete '$NagiosCfgtestFile'" exit 8 fi + if ! su $NagiosUser -c "touch $NagiosCfgtestFile"; then + echo "ERROR: Could not create or update '$NagiosCfgtestFile'" + exit 8 + fi TMPFILE=$(mktemp /tmp/.configtest.XXXXXXXX) $NagiosBin -vp $NagiosCfgFile > "$TMPFILE" @@ -99,24 +103,18 @@ check_config () if test "$WARN" = "0" && test "${ERR}" = "0"; then echo "OK - Configuration check verified" > $NagiosCfgtestFile - chmod 0644 $NagiosCfgtestFile - chown -h $NagiosUser:$NagiosGroup $NagiosCfgtestFile /bin/rm "$TMPFILE" return 0 elif test "${ERR}" = "0"; then # Write the errors to a file we can have a script watching for. echo "WARNING: Warnings in config files - see log for details: $NagiosCfgtestFile" > $NagiosCfgtestFile egrep -i "(^warning|^error)" "$TMPFILE" >> $NagiosCfgtestFile - chmod 0644 $NagiosCfgtestFile - chown -h $NagiosUser:$NagiosGroup $NagiosCfgtestFile /bin/rm "$TMPFILE" return 0 else # Write the errors to a file we can have a script watching for. echo "ERROR: Errors in config files - see log for details: $NagiosCfgtestFile" > $NagiosCfgtestFile egrep -i "(^warning|^error)" "$TMPFILE" >> $NagiosCfgtestFile - chmod 0644 $NagiosCfgtestFile - chown -h $NagiosUser:$NagiosGroup $NagiosCfgtestFile cat "$TMPFILE" exit 8 fi @@ -209,10 +207,9 @@ case "$1" in fi fi - touch $NagiosVarDir/nagios.log $NagiosRetentionFile + su $NagiosUser -c "touch $NagiosVarDir/nagios.log $NagiosRetentionFile" rm -f $NagiosCommandFile - touch $NagiosRunFile - chown -h $NagiosUser:$NagiosGroup $NagiosRunFile $NagiosVarDir/nagios.log $NagiosRetentionFile + su $NagiosUser -c "touch $NagiosRunFile" $NagiosBin -d $NagiosCfgFile if [ -d $NagiosLockDir ]; then touch $NagiosLockDir/$NagiosLockFile; fi