Overview

File remove-chown-chmod.service.patch of Package quagga

References: bsc#1191890,CVE-2021-44038
Upstream: no

The services ensure using ConditionPathExists that configuration
files exist at start time.

This change reverts to quagga-1.1.1 service behavior and removes
the attempts to fix configuration file ownership and permissions
that may lead to local privilege escalation from quagga to root.

--- quagga-1.2.4-orig/redhat/bgpd.service
+++ quagga-1.2.4/redhat/bgpd.service
@@ -23,8 +23,6 @@
 Type=forking
 PIDFile=/run/quagga/bgpd.pid
 EnvironmentFile=/etc/sysconfig/quagga
-ExecStartPre=-/bin/chmod -f 640 /etc/quagga/bgpd.conf
-ExecStartPre=-/bin/chown -f $QUAGGA_USER:$QUAGGA_GROUP /etc/quagga/bgpd.conf
 ExecStart=/usr/sbin/bgpd -d $BGPD_OPTS -f /etc/quagga/bgpd.conf
 Restart=on-abort
 
--- quagga-1.2.4-orig/redhat/isisd.service
+++ quagga-1.2.4/redhat/isisd.service
@@ -23,8 +23,6 @@
 Type=forking
 PIDFile=/run/quagga/isisd.pid
 EnvironmentFile=/etc/sysconfig/quagga
-ExecStartPre=-/bin/chmod -f 640 /etc/quagga/isisd.conf
-ExecStartPre=-/bin/chown -f $QUAGGA_USER:$QUAGGA_GROUP /etc/quagga/isisd.conf
 ExecStart=/usr/sbin/isisd -d $ISISD_OPTS -f /etc/quagga/isisd.conf
 Restart=on-abort
 
--- quagga-1.2.4-orig/redhat/ospf6d.service
+++ quagga-1.2.4/redhat/ospf6d.service
@@ -23,8 +23,6 @@
 Type=forking
 PIDFile=/run/quagga/ospf6d.pid
 EnvironmentFile=/etc/sysconfig/quagga
-ExecStartPre=-/bin/chmod -f 640 /etc/quagga/ospf6d.conf
-ExecStartPre=-/bin/chown -f $QUAGGA_USER:$QUAGGA_GROUP /etc/quagga/ospf6d.conf
 ExecStart=/usr/sbin/ospf6d -d $OSPF6D_OPTS -f /etc/quagga/ospf6d.conf
 Restart=on-abort
 
--- quagga-1.2.4-orig/redhat/ospfd.service
+++ quagga-1.2.4/redhat/ospfd.service
@@ -23,8 +23,6 @@
 Type=forking
 PIDFile=/run/quagga/ospfd.pid
 EnvironmentFile=/etc/sysconfig/quagga
-ExecStartPre=-/bin/chmod -f 640 /etc/quagga/ospfd.conf
-ExecStartPre=-/bin/chown -f $QUAGGA_USER:$QUAGGA_GROUP /etc/quagga/ospfd.conf
 ExecStart=/usr/sbin/ospfd -d $OSPFD_OPTS -f /etc/quagga/ospfd.conf
 Restart=on-abort
 
--- quagga-1.2.4-orig/redhat/ripd.service
+++ quagga-1.2.4/redhat/ripd.service
@@ -23,8 +23,6 @@
 Type=forking
 PIDFile=/run/quagga/ripd.pid
 EnvironmentFile=/etc/sysconfig/quagga
-ExecStartPre=-/bin/chmod -f 640 /etc/quagga/ripd.conf
-ExecStartPre=-/bin/chown -f $QUAGGA_USER:$QUAGGA_GROUP /etc/quagga/ripd.conf
 ExecStart=/usr/sbin/ripd -d $RIPD_OPTS -f /etc/quagga/ripd.conf
 Restart=on-abort
 
--- quagga-1.2.4-orig/redhat/ripngd.service
+++ quagga-1.2.4/redhat/ripngd.service
@@ -23,8 +23,6 @@
 Type=forking
 PIDFile=/run/quagga/zebra.pid
 EnvironmentFile=/etc/sysconfig/quagga
-ExecStartPre=-/bin/chmod -f 640 /etc/quagga/ripngd.conf
-ExecStartPre=-/bin/chown -f $QUAGGA_USER:$QUAGGA_GROUP /etc/quagga/ripngd.conf
 ExecStart=/usr/sbin/ripngd -d $RIPNGD_OPTS -f /etc/quagga/ripngd.conf
 Restart=on-abort
 
--- quagga-1.2.4-orig/redhat/zebra.service
+++ quagga-1.2.4/redhat/zebra.service
@@ -22,9 +22,6 @@
 PIDFile=/run/quagga/zebra.pid
 EnvironmentFile=-/etc/sysconfig/quagga
 ExecStartPre=/sbin/ip route flush proto zebra
-ExecStartPre=-/bin/chmod -f 640 /etc/quagga/vtysh.conf /etc/quagga/zebra.conf
-ExecStartPre=-/bin/chown -f $QUAGGA_USER:$QUAGGA_GROUP /run/quagga /etc/quagga/zebra.conf
-ExecStartPre=-/bin/chown -f ${QUAGGA_USER}${VTY_GROUP:+":$VTY_GROUP"} quaggavty /etc/quagga/vtysh.conf
 ExecStart=/usr/sbin/zebra -d $ZEBRA_OPTS -f /etc/quagga/zebra.conf
 Restart=on-abort
openSUSE Build Service is sponsored by
Places