Your message dated Wed, 26 Feb 2020 03:07:29 +0100
with message-id <[email protected]>
and subject line Re: Bug#888976: [munin-node] systemd 237 errors out rambling 
about  an unsafe symlink chain
has caused the Debian Bug report #888976,
regarding [munin-node] systemd 237 errors out rambling about an unsafe symlink 
chain
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
888976: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888976
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: munin-node
Version: 2.0.34-3
Severity: normal

--- Please enter the report below this line. ---
systemd db256aab13 broke munin-node.
>     core: be stricter when handling PID files and MAINPID sd_notify() 
> messages               
> 
>     Let's be more restrictive when validating PID files and MAINPID=          
>                
>     messages: don't accept PIDs that make no sense, and if the configuration  
>                
>     source is not trusted, don't accept out-of-cgroup PIDs. A configuratin    
>                
>     source is considered trusted when the PID file is owned by root, or the   
>                
>     message was received from root.                                           
>                
> 
>     This should lock things down a bit, in case service authors write out     
>                
>     PID files from unprivileged code or use NotifyAccess=all with             
>                
>     unprivileged code. Note that doing so was always problematic, just now    
>                
>     it's a bit less problematic.                                              
>                
> 
>     When we open the PID file we'll now use the CHASE_SAFE chase_symlinks()   
>                
>     logic, to ensure that we won't follow an unpriviled-owned symlink to a    
>                
>     privileged-owned file thinking this was a valid privileged PID file,      
>                
>     even though it really isn't.                                              
>                
> 
>     Fixes: #6632                                                              
>                

That should teach me a lessen to follow systemd updates!
I don't even understand the problem, the pid file is no symlink and is owned by 
root. 
chase_symlinks() appears a massive fluke to me. 😄


--- System information. ---
Architecture: 
Kernel:       Linux 4.14.0-14.1-liquorix-amd64

Debian Release: buster/sid
  510 unstable        liquorix.net 
  510 unstable        ftp.de.debian.org 
  510 unstable        dl.winehq.org 
  510 unstable        deb-multimedia.org 
  510 testing         ftp.de.debian.org 
  509 experimental    ftp.de.debian.org 
  502 zesty           ppa.launchpad.net 
  502 yakkety         ppa.launchpad.net 
  500 zesty           build.openmodelica.org 
  500 stable          ftp.de.debian.org 
  500 stable          dl.google.com 

--- Package information. ---
Depends                    (Version) | Installed
====================================-+-==============
perl                                 | 5.26.1-4
gawk                                 | 1:4.1.4+dfsg-1+b1
libnet-server-perl                   | 2.008-4
lsb-base                    (>= 4.1) | 9.20170808
munin-common           (>= 2.0.34-3) | 2.0.34-3
munin-plugins-core                   | 2.0.34-3
procps                               | 2:3.3.12-3


Recommends               (Version) | Installed
==================================-+-===========
libnet-snmp-perl                   | 6.0.1-3
munin-plugins-extra                | 2.0.34-3


Suggests                              (Version) | Installed
===============================================-+-===========
acpi                                            | 
 OR lm-sensors                                  | 1:3.4.0-4
ethtool                                         | 1:4.11-1
hdparm                                          | 9.53+ds-1
libcrypt-ssleay-perl                            | 
libdbd-pg-perl                                  | 
liblwp-useragent-determined-perl                | 
libnet-irc-perl                                 | 
libtext-csv-xs-perl                             | 
libwww-perl                                     | 6.31-1
libxml-simple-perl                              | 2.24-1
logtail                                         | 
munin                                           | 2.0.34-3
munin-plugins-java                              | 
default-mysql-client                            | 
net-tools                                       | 1.60+git20161116.90da8a0-1
python                                          | 2.7.14-4
ruby                                            | 1:2.3.3
smartmontools                                   | 6.5+svn4324-1

--- End Message ---
--- Begin Message ---
Hello,

since there were no further comments, I assume, that the reported issue was
fixed in systemd or does not affect the default munin installation.

Anyone being able to provide more details: please re-open this issue.
(or create a new one)

Cheers,
Lars

--- End Message ---

Reply via email to