From 902a5e994e37f26a4413c0670fe432b74808ee61 Mon Sep 17 00:00:00 2001
From: fbt <fbt@fleshless.org>
Date: Tue, 6 Jan 2015 02:17:49 +0300
Subject: [PATCH 1/2] devfs-permissions is laughably inadequate

---
 conf.d/devfs-permissions.sh |  8 --------
 init.d/devfs-permissions    | 17 -----------------
 2 files changed, 25 deletions(-)
 delete mode 100644 conf.d/devfs-permissions.sh
 delete mode 100755 init.d/devfs-permissions

diff --git a/conf.d/devfs-permissions.sh b/conf.d/devfs-permissions.sh
deleted file mode 100644
index 76ff4af..0000000
--- a/conf.d/devfs-permissions.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/usr/bin/env watchman
-# Config for devfs-permissions
-
-cfg_devices=(
-			  '/dev/snd;root:audio;770'
-			  '/dev/dri;root:video;770'
-			  '/dev/fuse;root:root;777'
-			)
diff --git a/init.d/devfs-permissions b/init.d/devfs-permissions
deleted file mode 100755
index ea7369e..0000000
--- a/init.d/devfs-permissions
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/usr/bin/env watchman
-# This is a script to set up the right permissions in /dev in absence of e?(u|s?m)dev.
-
-service_type='oneshot'
-
-# Config moved to conf.d
-
-spawn() {
-	for d in "${cfg_devices[@]}"; do
-		IFS=';' read device owner perms <<< "$d"
-
-		[[ -e "$device" ]] && {
-			chown -R "$owner" "$device"
-			chmod -R "$perms" "$device"
-		}
-	done
-}

From 8bab91cc17169810b099ffc3b63066f6ceda9cdb Mon Sep 17 00:00:00 2001
From: fbt <fbt@fleshless.org>
Date: Thu, 8 Jan 2015 12:25:38 +0300
Subject: [PATCH 2/2] Enforcing separation of the command and its args and full
 command paths

---
 init.d/bitflu   | 2 +-
 init.d/hostname | 2 +-
 init.d/lo.iface | 3 ++-
 init.d/pamusb   | 2 +-
 4 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/init.d/bitflu b/init.d/bitflu
index c8f56a2..4d81d83 100755
--- a/init.d/bitflu
+++ b/init.d/bitflu
@@ -2,7 +2,7 @@
 
 #service_respawn='true'
 service_username='torrent'
-service_command='sudo'
+service_command='/usr/bin/sudo'
 service_args="-u $service_username -- /usr/bin/bitflu --config=/etc/bitflu.cfg"
 
 start() {
diff --git a/init.d/hostname b/init.d/hostname
index 880bb44..a704149 100644
--- a/init.d/hostname
+++ b/init.d/hostname
@@ -8,5 +8,5 @@ fi
 [[ "$cfg_hostname" ]] || { cfg_hostname='localhost'; }
 
 service_type='oneshot'
-service_command='hostname'
+service_command='/usr/bin/hostname'
 service_args="$cfg_hostname"
diff --git a/init.d/lo.iface b/init.d/lo.iface
index 2ad1484..455faac 100755
--- a/init.d/lo.iface
+++ b/init.d/lo.iface
@@ -3,7 +3,8 @@
 cfg_iface="${service_name%%.*}"
 
 service_type='oneshot'
-service_command="ip link set $cfg_iface up"
+service_command='/usr/bin/ip'
+service_args="link set $cfg_iface up"
 
 wait_for_iface() {
 	local iface="$1" timer='0' timeout='6'
diff --git a/init.d/pamusb b/init.d/pamusb
index c7ada0c..d8fbc6e 100755
--- a/init.d/pamusb
+++ b/init.d/pamusb
@@ -1,5 +1,5 @@
 #!/usr/bin/env watchman
 
-service_command='mkdir'
+service_command='/usr/bin/mkdir'
 service_args='-p /run/lock'
 service_type='oneshot'