projects / feed / telephony.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b2980d1)
freeswitch-stable: improve init script 528/head
authorSebastian Kemper <sebastian_ml@gmx.net>
Sun, 3 May 2020 10:15:01 +0000 (12:15 +0200)
committerSebastian Kemper <sebastian_ml@gmx.net>
Mon, 4 May 2020 17:26:41 +0000 (19:26 +0200)
This is in response to a posting on oss-security ([1]).

This commit removes the ability to choose a user/group via
/etc/config/freeswitch. This makes the init script simpler. If anybody
wants to play around with the user/group, then it's up to them to fix
the permissions.

The complex awk script is deleted and replaced by two for-loops,
basically. The first loop creates "/var/lib/freeswitch" and
"/var/run/freeswitch" and chowns them to freeswitch, in case they don't
exist already.

The second loop checks if the other directories (either the default ones
or the ones specified by the user) exist. If any is missing it uses "su"
to create that directory as user "freeswitch".

The reasoning behind this is that a) this works for the defaults
(example: "/tmp/freeswitch/db") and b) the user can specify anything
he/she wants in "/etc/config/freeswitch", which could be all kinds of
strange directories. "mkdir" may now fail, as we're not calling it as
root anymore, but we err on the side of caution, as the saying goes.

Calls to "chmod" are eliminated. Instead the desired mode is provided to
"mkdir". The latter applies the mode only to the final directory.
Possible parent directories are created with the regular umask alone.

A dependency on the "su" utility is added to the Makefile.

"local" also gets removed because it is undefined in POSIX.

[1] https://www.openwall.com/lists/oss-security/2020/04/30/1

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
net/freeswitch-stable/Makefile patch | blob | history
net/freeswitch-stable/files/freeswitch.conf patch | blob | history
net/freeswitch-stable/files/freeswitch.init patch | blob | history

diff --git a/net/freeswitch-stable/Makefile b/net/freeswitch-stable/Makefile
index 4f32c2189674e79cbca52b066edd8cc38db3ea96..334121a73f686947fc198fb4dcc59cfdfb3e4279 100644 (file)
--- a/net/freeswitch-stable/Makefile
+++ b/net/freeswitch-stable/Makefile
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 PRG_NAME:=freeswitch
 PKG_NAME:=$(PRG_NAME)-stable
 PKG_VERSION:=1.10.2
-PKG_RELEASE:=4
+PKG_RELEASE:=5
 PKG_MAINTAINER:=Sebastian Kemper <sebastian_ml@gmx.net>
 
 PKG_SOURCE:=$(PRG_NAME)-$(PKG_VERSION).-release.tar.xz
@@ -366,9 +366,10 @@ $(call Package/$(PKG_NAME)/Default)
   MENU:=1
   USERID:=$(PRG_NAME)=372:$(PRG_NAME)=372
   DEPENDS:= \
-         +@OPENSSL_WITH_DEPRECATED \
          $(CXX_DEPENDS) \
          $(ICONV_DEPENDS) \
+         +!BUSYBOX_DEFAULT_SU:shadow-su \
+         +@OPENSSL_WITH_DEPRECATED \
          +FS_STABLE_WITH_FREETYPE:libfreetype \
          +FS_STABLE_WITH_ODBC:unixodbc \
          +FS_STABLE_WITH_PNG:libpng \
diff --git a/net/freeswitch-stable/files/freeswitch.conf b/net/freeswitch-stable/files/freeswitch.conf
index d7c591a17dce6d8cadb48031311b1cac541e11d4..c2e48ca9d4a24921fddcb79530050ae46e25c75f 100644 (file)
--- a/net/freeswitch-stable/files/freeswitch.conf
+++ b/net/freeswitch-stable/files/freeswitch.conf
@@ -1,8 +1,6 @@
 
 config freeswitch 'general'
        option enabled '0'
-       option user 'freeswitch'
-       option group 'freeswitch'
        option log_stderr '1'
        option log_stdout '1'
        option options '-nonat -np'
diff --git a/net/freeswitch-stable/files/freeswitch.init b/net/freeswitch-stable/files/freeswitch.init
index aeab073bf25c25dca679381346476d36204c9422..12d7ec6a9cd93899598e91a62f6831a71da06a0f 100644 (file)
--- a/net/freeswitch-stable/files/freeswitch.init
+++ b/net/freeswitch-stable/files/freeswitch.init
@@ -13,26 +13,9 @@ COMMAND=/usr/bin/$NAME
 LOGGER="/usr/bin/logger -p user.err -s -t $NAME --"
 
 start_service() {
-  local dir
-  local enabled
-
-  local user
-  local group
-
-  local log_stderr
-  local log_stdout
-
-  local dir_cache
-  local dir_db
-  local dir_etc=/etc/$NAME
-  local dir_localstate=/var/lib/$NAME
-  local dir_log
-  local dir_recordings
-  local dir_run=/var/run/$NAME
-  local dir_storage
-  local dir_temp
-
-  local options
+  dir_etc=/etc/$NAME
+  dir_localstate=/var/lib/$NAME
+  dir_run=/var/run/$NAME
 
   config_load $NAME
 
@@ -42,9 +25,6 @@ start_service() {
     exit 1
   fi
 
-  config_get user  general user  $NAME
-  config_get group general group $NAME
-
   config_get_bool log_stderr general log_stderr 1
   config_get_bool log_stdout general log_stdout 1
 
@@ -55,54 +35,34 @@ start_service() {
   config_get dir_storage    directories storage    /tmp/$NAME/storage
   config_get dir_temp       directories temp       /tmp/$NAME/temp
 
-  user_exists "$user" || {
-    $LOGGER user \""$user"\" does not exist
-    exit 1
-  }
-
-  group_exists "$group" || {
-    $LOGGER group \""$group"\" does not exist
-    exit 1
-  }
-
-  # do not touch directories that already exist
-  # posix shell does not support arrays, hence using awk
-  awk \
-    -v user="$user" \
-    -v group="$group" \
-    -v a="$dir_cache" \
-    -v b="$dir_db" \
-    -v c="$dir_localstate" \
-    -v d="$dir_log" \
-    -v e="$dir_recordings" \
-    -v f="$dir_run" \
-    -v g="$dir_storage" \
-    -v h="$dir_temp" \
-    '
-      BEGIN {
-        dir[0]=a
-        dir[1]=b
-        dir[2]=c
-        dir[3]=d
-        dir[4]=e
-        dir[5]=f
-        dir[6]=g
-        dir[7]=h
-        for (x in dir) {
-          if (system("test ! -e \"" dir[x] "\"" )) {
-            delete dir[x]
-          }
-        }
-        for (x in dir) {
-          system("mkdir -p \"" dir[x] "\"" )
-          system("chmod 750 \"" dir[x] "\"" )
-          system("chown \"" user "\":\"" group "\" \"" dir[x] "\"" )
-        }
-      }
-    '
-
   config_get options general options
 
+  for i in "$dir_localstate" "$dir_run"; do
+    if ! [ -e "$i" ]; then
+      mkdir -m 0750 -p "$i"
+      [ -d "$i" ] && chown $NAME:$NAME "$i"
+    fi
+  done
+
+  command -v su >/dev/null
+  ret=$?
+  if [ 0 != "$ret" ]; then
+    $LOGGER utility \"su\" not available
+    $LOGGER will not attempt to create directories
+  else
+    for i in "$dir_cache" \
+             "$dir_db" \
+             "$dir_log" \
+             "$dir_recordings" \
+             "$dir_storage" \
+             "$dir_temp";
+    do
+      if ! [ -e "$i" ]; then
+        su -s /bin/sh -c "mkdir -m 0750 -p \"$i\"" $NAME
+      fi
+    done
+  fi
+
   procd_open_instance
   # starting with full path seems cleaner judging by 'ps' output
   procd_set_param command $COMMAND
@@ -111,13 +71,13 @@ start_service() {
     -cache "$dir_cache" \
     -conf "$dir_etc" \
     -db "$dir_db" \
-    -g "$group" \
+    -g "$NAME" \
     -log "$dir_log" \
     -recordings "$dir_recordings" \
     -run "$dir_run" \
     -storage "$dir_storage" \
     -temp "$dir_temp" \
-    -u "$user" \
+    -u "$NAME" \
     $options \
     -c
   # forward stderr to logd
@@ -126,4 +86,3 @@ start_service() {
   procd_set_param stdout $log_stdout
   procd_close_instance
 }
-
Mirror of telephony feed