[check-mk] The following commit fixes BZ: #1101669.

averi averi at fedoraproject.org
Tue May 27 20:00:59 UTC 2014 

commit aa63c25818a7f9d27607849b33023c873978b7f0
Author: Andrea Veri <av at gnome.org>
Date:   Tue May 27 21:59:22 2014 +0200

    The following commit fixes BZ: #1101669.
    
    Changes:
    
    - Install the mk-job binary on /usr/bin.
    - Make sure the proper permissions are given to /var/lib/check_mk_agent/job
      to prevent any hard or symlink to be created by a normal user and pointing
      to any file on the filesystem exposing it on the check-mk-agent output being
      run as root.

 check-mk.spec |   14 +++++++++++++-
 1 files changed, 13 insertions(+), 1 deletions(-)
---
diff --git a/check-mk.spec b/check-mk.spec
index 3f855c7..e8f35fc 100644
--- a/check-mk.spec
+++ b/check-mk.spec
@@ -2,7 +2,7 @@
 
 Name:		check-mk
 Version:	1.2.4p2
-Release:	1%{?dist}
+Release:	2%{?dist}
 Summary:	A new general purpose Nagios-plugin for retrieving data
 Group:		Applications/Internet
 License:	GPLv2 and GPLv3
@@ -86,6 +86,9 @@ install -m 644 xinetd.conf %{buildroot}%{_sysconfdir}/xinetd.d/check-mk-agent
 install -d -m 755 %{buildroot}%{_bindir}
 install -m 755 check_mk_agent.linux %{buildroot}%{_bindir}/check_mk_agent
 
+# mk-job installation
+install -m 755 mk-job %{buildroot}%{_bindir}/mk-job
+
 # Waitmax's binary
 install -m 755 waitmax %{buildroot}%{_bindir}/waitmax
 
@@ -230,9 +233,11 @@ rmdir %{buildroot}%{_prefix}/lib/check_mk
 %files agent
 %{_bindir}/check_mk_agent
 %{_bindir}/waitmax
+%{_bindir}/mk-job
 %{_datadir}/check-mk-agent
 %config(noreplace) %{_sysconfdir}/xinetd.d/check-mk-agent
 %config(noreplace) %{_sysconfdir}/check-mk-agent
+%attr(755, -, -) %{_localstatedir}/lib/check_mk_agent/job  
 %doc COPYING
 
 %files docs
@@ -251,6 +256,13 @@ rmdir %{buildroot}%{_prefix}/lib/check_mk
 
 
 %changelog
+Tue May 27 2014 Andrea Veri <averi at fedoraproject.org> - 1.2.4p2-2
+- Install the mk-job binary on /usr/bin.
+- Make sure the proper permissions are given to /var/lib/check_mk_agent/job
+  to prevent any hard or symlink to be created by a normal user and pointing
+  to any file on the filesystem exposing it on the check-mk-agent output being
+  run as root. Fixes BZ #1101669.
+
 * Mon Apr 14 2014 Andrea Veri <averi at fedoraproject.org> - 1.2.4p2-1
 - New upstream release.

More information about the scm-commits mailing list