This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch master in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7afd25e72f447a4a4b130f38bba28ff6661cbb6c commit 7afd25e72f447a4a4b130f38bba28ff6661cbb6c Author: Guillem Jover <[email protected]> AuthorDate: Fri Sep 14 21:35:16 2018 +0200 man: Add a warning in s-s-d(8) about using --pidfile alone with non-root files Prompted-by: Michael Orlitzky <[email protected]> Ref: https://redmine.kannel.org/issues/771 --- debian/changelog | 2 ++ man/start-stop-daemon.man | 14 +++++++++++--- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index ef297822c..2d2cf974c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -204,6 +204,8 @@ dpkg (1.19.1) UNRELEASED; urgency=medium - Fix man page markup. Closes: #900033, #900035, #900040 Thanks to Bjarni Ingi Gislason <[email protected]>. - Fix Doxygen comment for libdpkg dpkg_arch_find() function. + - Document the dangers of using start-stop-daemon(8) only with --pidfile + as matching option with the pid file owned by a non-privileged user. * Code internals: - Do not use stringy eval to define different sub implementations, just assign an anonymous sub to the typeglob. diff --git a/man/start-stop-daemon.man b/man/start-stop-daemon.man index cb01cff19..2391d5e9f 100644 --- a/man/start-stop-daemon.man +++ b/man/start-stop-daemon.man 
@@ -116,9 +116,17 @@ Check for a process with the specified parent pid \fIppid\fP The \fIppid\fP must be a number greater than 0. .TP .BR \-p ", " \-\-pidfile " \fIpid-file\fP" -Check whether a process has created the file \fIpid-file\fP. Note: using this -matching option alone might cause unintended processes to be acted on, if the -old process terminated without being able to remove the \fIpid-file\fP. +Check whether a process has created the file \fIpid-file\fP. +.IP +Note: using this matching option alone might cause unintended processes to +be acted on, if the old process terminated without being able to remove the +\fIpid-file\fP. +.IP +\fBWarning:\fP Using this match option alone with a daemon that writes the +pidfile as an unprivileged user is a security risk, because if the daemon +gets compromised the contents of the pidfile cannot be trusted, and then +a privileged runner (such as an init script executed as root) would end up +acting on any system process. .TP .BR \-x ", " \-\-exec " \fIexecutable\fP" Check for processes that are instances of this \fIexecutable\fP. The -- Dpkg.Org's dpkg
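Review bot: In the man/start-stop-daemon.man hunk, the new Warning paragraph under \-p, \-\-pidfile states the risk but gives no remedy, so a reader is not told what to pair \-\-pidfile with. Suggest ending it with a sentence that points at the other matching options visible in this context, such as \-\-exec or \-\-ppid, so that a pid taken from an untrusted file must also satisfy a second criterion before a privileged runner acts on it. The same paragraph says "match option" and "pidfile" where the Note just above it says "matching option" and \fIpid-file\fP; using one set of terms in both paragraphs would keep the entry consistent.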

