Package: dpkg
Version: 1.9.20

Hi,

in start-stop-daemon the chroot handling has a little bug (can't stop process).
It checks the executable file and the pid file in the main filesystem, not under the jail:

execve("/sbin/start-stop-daemon", ["start-stop-daemon", 
"--chroot","/usr/local/ldap_jail", "--start", "-v",
+"--pidfile", "/var/run/slapd.pid", "--exec", "/usr/sbin/slapd"], [/* 31 vars 
*/]) = 0
...
>>>>we are in main filesystem not in jail!
stat64("/usr/sbin/slapd", {st_mode=S_IFREG|0755, st_size=400216, ...}) = 0
...
>>>>we are in main filesystem not in jail!
open("/var/run/slapd.pid", O_RDONLY)    = -1 ENOENT (No such file or directory)
...
chroot("/usr/local/ldap_jail")          = 0
>>>>we are now in jail!
...

Fari

-------------------------------------------------------------------------------

Here is a little patch to solve this problem

--- ./start-stop-daemon.c.Orig  Mon May 14 00:01:28 2001
+++ ./start-stop-daemon.c       Wed Apr 24 00:50:27 2002
@@ -101,7 +101,7 @@
 static const char *cmdname = NULL;
 static char *execname = NULL;
 static char *startas = NULL;
-static const char *pidfile = NULL;
+static char *pidfile = NULL;
 static char what_stop[1024];
 static const char *schedule_str = NULL;
 static const char *progname = "";
@@ -1039,12 +1039,30 @@
 int
 main(int argc, char **argv)
 {
+       char    *orig_execname;
+       char    *orig_pidfile;
+
        progname = argv[0];
 
        parse_options(argc, argv);
        argc -= optind;
        argv += optind;
 
+       orig_execname = execname;
+       orig_pidfile = pidfile;
+       if (changeroot != NULL) {
+               if (execname != NULL) {
+                       execname = 
xmalloc(strlen(changeroot)+strlen(execname)+1);
+                       strcat(execname, changeroot);
+                       strcat(execname, orig_execname);
+               }
+               if (pidfile != NULL) {
+                       pidfile = xmalloc(strlen(changeroot)+strlen(pidfile)+1);
+                       strcat(pidfile, changeroot);
+                       strcat(pidfile, orig_pidfile);
+               }
+       }
+
        if (execname && stat(execname, &exec_stat))
                fatal("stat %s: %s", execname, strerror(errno));
 
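Review bot: Both new buffers go to strcat() straight from xmalloc(), so the first `strcat(execname, changeroot)` and `strcat(pidfile, changeroot)` search for a terminator in memory that is uninitialized unless xmalloc zero-fills, which is not visible here. That is undefined behavior and can write past the allocation. The first call in each pair should be a copy, `strcpy(execname, changeroot);` and `strcpy(pidfile, changeroot);`, or one `snprintf` using the computed size. Separately, prefixing the jail path and resolving it from the host root is not the same as resolving it inside the jail: an absolute symlink under the jail would be followed against the host filesystem, so the stat() here may check a different file than the one used after chroot(). main() continues beyond this hunk.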
@@ -1114,6 +1132,16 @@
                if (chroot(changeroot) < 0)
                        fatal("Unable to chroot() to %s", changeroot);
        }
+
+       if (pidfile != orig_pidfile) {
+               free(pidfile);
+               pidfile = orig_pidfile;
+       }
+       if (execname != orig_execname) {
+               free(execname);
+               execname = orig_execname;
+       }
+       
        if (changeuser != NULL) {
                if (setgid(runas_gid))
                        fatal("Unable to set gid to %d", runas_gid);



Attachment: pgp91SWvcFHI3.pgp
Description: PGP signature
