net-analyzer/pnp4nagios: new revision to fix insecure config permissions.

Previous revisions of pnp4nagios install /etc/pnp owned by the "nagios
user," and the npcd daemon also runs as that user. That configuration
is insecure: the unprivileged user can edit /etc/pnp/npcd.cfg, and
escalate his own privileges by setting "user = root". To avoid the
problem, we set INSTALL_OPTS="" while running "emake install". That
leaves all of /etc/pnp with the default (root:root) ownership.

Bug: https://github.com/lingej/pnp4nagios/issues/140
Package-Manager: Portage-2.3.8, Repoman-2.3.3

1 files changed, 3 insertions, 1 deletions

diff --git a/net-analyzer/pnp4nagios/pnp4nagios-0.6.26-r2.ebuild b/net-analyzer/pnp4nagios/pnp4nagios-0.6.26-r3.ebuild
index 818bc3104ffe..ce886f53738a 100644
--- a/net-analyzer/pnp4nagios/pnp4nagios-0.6.26-r2.ebuild
+++ b/net-analyzer/pnp4nagios/pnp4nagios-0.6.26-r3.ebuild
@@ -68,7 +68,9 @@ src_compile() {
 }
 
 src_install() {
-	emake DESTDIR="${D}" install install-config
+	# Don't use INSTALL_OPTS because they set insecure permissions on
+	# all of /etc/pnp (https://github.com/lingej/pnp4nagios/issues/140).
+	emake INSTALL_OPTS="" DESTDIR="${D}" install install-config
 	einstalldocs
 	newinitd "${FILESDIR}"/npcd.initd npcd
 	rm "${ED%/}/usr/share/pnp/install.php" || \