Package: release.debian.org
User: release.debian....@packages.debian.org
Usertags: pu
Tags: buster
Severity: normal

Dear RT,

In buster, ndppd has a world writable pid file. This prevents the daemon from being stopped/restarted, which is a real pain when you set it up.

I would like to backport the fix from testing. Attached is the proposal.

Do you think this is ok?

-- System Information:
Debian Release: 10.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

diff -Nru ndppd-0.2.5/debian/changelog ndppd-0.2.5/debian/changelog --- ndppd-0.2.5/debian/changelog 2018-11-16 17:26:06.000000000 +0100 +++ ndppd-0.2.5/debian/changelog 2019-10-17 10:21:15.000000000 +0200 @@ -1,3 +1,12 @@ +ndppd (0.2.5-4+deb10u1) buster; urgency=medium + + * Patch to avoid word writable pid file, that was breaking daemon init + scripts. (Closes: #942117) + * postinst script fixing pid file permissions for pre 0.2.5-4+deb10u1 + running daemons. + + -- Jean-Michel Vourgère <nir...@debian.org> Thu, 17 Oct 2019 10:21:15 +0200 + ndppd (0.2.5-4) unstable; urgency=medium * Migrated vcs to salsa. diff -Nru ndppd-0.2.5/debian/patches/pid_perms ndppd-0.2.5/debian/patches/pid_perms --- ndppd-0.2.5/debian/patches/pid_perms 1970-01-01 01:00:00.000000000 +0100 +++ ndppd-0.2.5/debian/patches/pid_perms 2019-10-16 22:48:06.000000000 +0200 
@@ -0,0 +1,28 @@ +Description: Umask pid file permissions + Pid file was created with default 666 permissions. This causes security + issues when trying to stop the process. init stopped working because + start-stop-daemon(8) refuses to handle these nasty permissions, since dpkg + version 1.19.3. +Author: Jean-Michel Vourgère <nir...@debian.org> +Bug-Debian: https://bugs.debian.org/942117 +Bug: https://github.com/DanielAdolfsson/ndppd/issues/56 +Forwarded: yes +Last-Update: 2019-10-12 + +Index: ndppd-0.2.5/src/ndppd.cc +=================================================================== +--- ndppd-0.2.5.orig/src/ndppd.cc ++++ ndppd-0.2.5/src/ndppd.cc +@@ -274,10 +274,12 @@ int main(int argc, char* argv[], char* e + return -1; + + if (!pidfile.empty()) { ++ mode_t old_umask = umask(022); + std::ofstream pf; + pf.open(pidfile.c_str(), std::ios::out | std::ios::trunc); + pf << getpid() << std::endl; + pf.close(); ++ umask(old_umask); + } + + // Time stuff. diff -Nru ndppd-0.2.5/debian/patches/series ndppd-0.2.5/debian/patches/series --- ndppd-0.2.5/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ ndppd-0.2.5/debian/patches/series 2019-10-16 22:48:06.000000000 +0200 @@ -0,0 +1 @@ +pid_perms diff -Nru ndppd-0.2.5/debian/postinst ndppd-0.2.5/debian/postinst --- ndppd-0.2.5/debian/postinst 1970-01-01 01:00:00.000000000 +0100 +++ ndppd-0.2.5/debian/postinst 2019-10-17 10:19:32.000000000 +0200 @@ -0,0 +1,18 @@ +#!/bin/sh + +set -e + +case "$1" in + configure) + if [ -n "$2" ] && dpkg --compare-versions "$2" lt-nl 0.2.5-4+deb10u1 + then + # Buster version can't be stopped. See #942117 + if [ -f /var/run/ndppd.pid ] + then + chmod 644 /var/run/ndppd.pid + fi + fi + ;; +esac + +#DEBHELPER#
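
Review bot: in the debian/changelog hunk, the first bullet reads "word writable pid file" where "world writable" is meant. Since the changelog text is what users and the release team see, fix the spelling before upload.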
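
Review bot: in the src/ndppd.cc hunk of debian/patches/pid_perms, umask(022) only takes effect when pf.open() creates the file. If the pid file already exists with mode 666, opening it with std::ios::trunc keeps the old mode, so a daemon restarted over a stale file still leaves it world-writable. Consider removing a leftover file before the open, or setting the mode explicitly on the path after the open, and check that the open succeeded before writing getpid().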
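
Review bot: in the debian/postinst hunk, the chmod is applied to the fixed path /var/run/ndppd.pid, while the ndppd.cc hunk shows the daemon writing to whatever path its pidfile variable holds, so a pid file configured elsewhere stays at mode 666 after the upgrade. The chmod also leaves the file content untouched, although any local user could have rewritten it while it was world-writable. Add a comment stating that only the default path is handled, and say whether the stop action relies on anything besides the pid read from that file.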