Hi! On Mon, 2014-09-01 at 15:27:09 -0700, Will Conley wrote: > Package: dpkg > Version: 1.17.13 > Severity: normal
> If the options --umask and --make-pidfile are both used when calling > start-stop-daemon --start, the umask is set before the pidfile is created. If > this umask is restrictive (e.g. 0007) then this leads to a pidfile being > created that is not even readable by unprivileged users. This means that only > root will be able to successfully check the status of a service with a > command > like "service foo status". Ah, indeed, nicely spotted. And thanks for the patch! > Since it is easy for any user to find the PID of any running process (with > ps), I don't think there is any security issue with making all pidfiles > world-readable. Indeed, a quick check of both my Debian systems reveals that, > other than the one offending service that caused me to notice this problem > (deluged*), all other pidfiles in /run have permissions of 0644, consistent > with the default umask of 0022. Sure. > A quick look at the source of start-stop-daemon reveals that the umask is > applied immediately before calling "create-pidfile". Simply changing the > order > of these two blocks of code fixes the problem. For your convenience, I have > attached a patch that does this. As I'm going to be fixing the --make-pidfile and --background race bug, this should automatically get fixed by that as a side-effect, as the make file code needs to be moved way earlier probably. Thanks, Guillem -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

