severity 844283 normal
tags 844283 upstream fixed-upstream
thanks

Hi Paul,


thanks for the hint. Interestingly it seems that q() is somehow working
- at least if there is no EOL marker '$' in use (see also the
attachment). So the broken default config was there since the beginning
but it was not recognized since most of the regex did work, although
the quotation was broken. The default configuration has been fixed
upstream.

I do not think that this bug should have a severity of serious since it
is only a bug in the config file which breaks some of the
regex. Although this makes needrestart report some false positives it
does not break functionality nor security.


HTH,
Tho-facepalming-mas




Paul Wise <p...@debian.org> writes:

> Package: needrestart
> Version: 2.10-1
> Severity: serious
>
> needrestart uses the wrong Perl quote function for regexps in
> configuration file. It is using q but should be using qr
> (quote regexps). This means that all of the regexp options are
> potentially broken, but blacklist_mappings definitely is:
>
> http://perldoc.perl.org/perlop.html#Quote-and-Quote-like-Operators
> http://perldoc.perl.org/perlop.html#Regexp-Quote-Like-Operators
>
> # checkrestart -v
> Found 0 processes using old versions of upgraded files
> # needrestart -v
> [main] eval /etc/needrestart/needrestart.conf
> [main] running in root-mode
> [Core] Using UI 'NeedRestart::UI::stdio'...
> [main] detected systemd
> ...
> [main] #27891 uses deleted /run/user/1000/orcexec.OVkLUB
> [main] #27891 is not a child
> ...
> [main] #27891 exe => /usr/bin/pulseaudio
> [main] #27891 part of user session: uid=1000 sess=17
> ...
> User sessions running outdated binaries:
>  pabs @ session #17: pulseaudio[27891]
> ...
> # lsof -p 27891 | grep orc
> pulseaudi 27891 pabs  DEL       REG               0,43            253423 /run/user/1000/orcexec.OVkLUB
> pulseaudi 27891 pabs  mem       REG              253,1   517176 26870717 /usr/lib/x86_64-linux-gnu/liborc-0.4.so.0.25.0
> # grep orc /proc/27891/maps
> 7fe198010000-7fe198020000 rw-s 00000000 00:2b 253423                     /run/user/1000/orcexec.OVkLUB (deleted)
> 7fe198020000-7fe198030000 r-xs 00000000 00:2b 253423                     /run/user/1000/orcexec.OVkLUB (deleted)
> 7fe19b5eb000-7fe19b664000 r-xp 00000000 fd:01 26870717                   /usr/lib/x86_64-linux-gnu/liborc-0.4.so.0.25.0
> 7fe19b664000-7fe19b863000 ---p 00079000 fd:01 26870717                   /usr/lib/x86_64-linux-gnu/liborc-0.4.so.0.25.0
> 7fe19b863000-7fe19b865000 r--p 00078000 fd:01 26870717                   /usr/lib/x86_64-linux-gnu/liborc-0.4.so.0.25.0
> 7fe19b865000-7fe19b869000 rw-p 0007a000 fd:01 26870717                   /usr/lib/x86_64-linux-gnu/liborc-0.4.so.0.25.0
> # grep -r orc /etc/needrestart/
> /etc/needrestart/needrestart.conf:    q(/orcexec\.[\w\d]+( \(deleted\))?$),
> # grep -P '/orcexec\.[\w\d]+( \(deleted\))?$' /proc/27891/maps
> 7fe198010000-7fe198020000 rw-s 00000000 00:2b 253423                     /run/user/1000/orcexec.OVkLUB (deleted)
> 7fe198020000-7fe198030000 r-xs 00000000 00:2b 253423                     /run/user/1000/orcexec.OVkLUB (deleted)
> # cat test.pl 
> my %nrconf;
> my $pid = '27891';
> $nrconf{blacklist_mappings_q} = [q(/orcexec\.[\w\d]+( \(deleted\))?$),];
> $nrconf{blacklist_mappings_qr} = [qr(/orcexec\.[\w\d]+( \(deleted\))?$),];
> if(open(HMAP, '<', "/proc/$pid/maps")) {
>       while(<HMAP>) {
>               chomp;
>               my ($maddr, $mperm, $moffset, $mdev, $minode, $path) = split(/\s+/, $_, 6);
>               if ($path =~ /orc/){
>                       print "Path: $path";
>                       print " blacklisted_q" if(scalar grep { $path =~ $_; } @{$nrconf{blacklist_mappings_q}});
>                       print " blacklisted_qr" if(scalar grep { $path =~ $_; } @{$nrconf{blacklist_mappings_qr}});
>                       print "\n";
>               }
>       }
> }
> # perl test.pl
> Path: /run/user/1000/orcexec.OVkLUB (deleted) blacklisted_qr
> Path: /run/user/1000/orcexec.OVkLUB (deleted) blacklisted_qr
> Path: /usr/lib/x86_64-linux-gnu/liborc-0.4.so.0.25.0
> Path: /usr/lib/x86_64-linux-gnu/liborc-0.4.so.0.25.0
> Path: /usr/lib/x86_64-linux-gnu/liborc-0.4.so.0.25.0
> Path: /usr/lib/x86_64-linux-gnu/liborc-0.4.so.0.25.0
> # sed -n /orc/p /etc/needrestart/needrestart.conf
>     q(/orcexec\.[\w\d]+( \(deleted\))?$),
> # sed -i '/orc/s/q/qr/' /etc/needrestart/needrestart.conf
> # sed -n /orc/p /etc/needrestart/needrestart.conf
>     qr(/orcexec\.[\w\d]+( \(deleted\))?$),
> # needrestart -v
> [main] eval /etc/needrestart/needrestart.conf
> [main] running in root-mode
> [Core] Using UI 'NeedRestart::UI::stdio'...
> [main] detected systemd
> ...
> No user sessions are running outdated binaries.
>
> -- System Information:
> Debian Release: stretch/sid
>   APT prefers testing-debug
>   APT policy: (900, 'testing-debug'), (900, 'testing'), (800, 'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
>
> Versions of packages needrestart depends on:
> ii  dpkg                       1.18.10
> ii  gettext-base               0.19.8.1-1
> ii  libintl-perl               1.26-2
> ii  libmodule-find-perl        0.13-1
> ii  libmodule-scandeps-perl    1.22-1
> ii  libproc-processtable-perl  0.53-2
> ii  libsort-naturally-perl     1.03-1
> ii  libterm-readkey-perl       2.37-1
> ii  perl                       5.24.1~rc3-3
> ii  xz-utils                   5.2.2-1.2
>
> needrestart recommends no packages.
>
> Versions of packages needrestart suggests:
> ii  libnotify-bin        0.7.7-1
> ii  needrestart-session  0.3-2
>
> -- no debconf information
>
> -- 
> bye,
> pabs
>
> https://wiki.debian.org/PaulWise

-- 

    ::  WWW:                        https://fiasko-nw.net/~thomas/  ::
   :::  Jabber:                   xmpp:tho...@jabber.fiasko-nw.net  :::
    ::  flickr:             https://www.flickr.com/photos/laugufe/  ::
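
The difference between the two quote operators, as an added example that is not part of the original thread or of needrestart's code: q() with parenthesis delimiters removes a backslash that precedes a parenthesis, so the string handed to the regex engine no longer contains the escaped `\(deleted\)`, and it only still matches when no `$` anchor forces the suffix to be consumed. The sample paths are constructed from the maps lines in the report, and `non_regexp_entries` is a hypothetical helper for checking a config list.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample paths, modelled on the /proc/<pid>/maps lines in the report.
my @paths = (
    '/run/user/1000/orcexec.OVkLUB (deleted)',
    '/run/user/1000/orcexec.OVkLUB',
    '/usr/lib/x86_64-linux-gnu/liborc-0.4.so.0.25.0',
);

# The same pattern text under both quote operators, as in the report's test.pl.
my $as_q  = q(/orcexec\.[\w\d]+( \(deleted\))?$);
my $as_qr = qr(/orcexec\.[\w\d]+( \(deleted\))?$);

# The q() string with the trailing '$' removed, to show why unanchored
# patterns appeared to work despite the wrong quote operator.
(my $q_no_eol = $as_q) =~ s/\$\z//;

# q() drops the backslash in front of its own delimiters, so "\(" and "\)"
# arrive at the regex engine as ordinary grouping parentheses.
print "q()  holds: $as_q\n";
print "qr() holds: $as_qr\n\n";

for my $path (@paths) {
    printf "%-48s q=%d qr=%d q-without-\$=%d\n", $path,
        ($path =~ $as_q)     ? 1 : 0,
        ($path =~ $as_qr)    ? 1 : 0,
        ($path =~ $q_no_eol) ? 1 : 0;
}

# Hypothetical config check: every entry of a regex list should be a
# compiled pattern (ref() returns 'Regexp' for qr// objects), not a string.
sub non_regexp_entries {
    my ($list) = @_;
    return grep { ref($_) ne 'Regexp' } @$list;
}

my %nrconf = (blacklist_mappings => [ $as_q, $as_qr ]);
for my $entry (non_regexp_entries($nrconf{blacklist_mappings})) {
    print "\nnot a qr// object: $entry\n";
}
```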
