Package: dpkg
Version: 1.9.21
Severity: normal
Tags: patch

The two start-stop-daemon options --make-pidfile and --chuid are not compatible, for a very obvious reason: the --chuid option makes start-stop-daemon give up its root privileges very early, and thus it cannot create the /var/run/$DAEMON.pid file later.
That's a pity: the --chuid is nice from a security point of view. I think the setgid() and setuid() calls should be at the end of the code. The included patch does that, and it seems to work nicely. This bug is related to bug <http://bugs.debian.org/151800>, which also includes a similar "reordering" patch. --- start-stop-daemon.c 2002/08/02 11:34:34 1.1 +++ start-stop-daemon.c 2002/08/02 11:48:41 @@ -1190,14 +1190,6 @@ if (chroot(changeroot) < 0) fatal("Unable to chroot() to %s", changeroot); } - if (changeuser != NULL) { - if (setgid(runas_gid)) - fatal("Unable to set gid to %d", runas_gid); - if (initgroups(changeuser, runas_gid)) - fatal("Unable to set initgroups() with gid %d", runas_gid); - if (setuid(runas_uid)) - fatal("Unable to set uid to %s", changeuser); - } if (background) { /* ok, we need to detach this process */ int i, fd; @@ -1256,6 +1248,14 @@ fprintf(pidf, "%d\n", pidt); fclose(pidf); } + if (changeuser != NULL) { + if (setgid(runas_gid)) + fatal("Unable to set gid to %d", runas_gid); + if (initgroups(changeuser, runas_gid)) + fatal("Unable to set initgroups() with gid %d", runas_gid); + if (setuid(runas_uid)) + fatal("Unable to set uid to %s", changeuser); + } execv(startas, argv); fatal("Unable to start %s: %s", startas, strerror(errno)); } -- System Information Debian Release: 3.0 Architecture: i386 Kernel: Linux cartman 2.2.20 #1 lun avr 15 11:36:21 CEST 2002 i686 Locale: LANG=C, LC_CTYPE=fr_FR Versions of packages dpkg depends on: ii libc6 2.2.5-6 GNU C Library: Shared libraries an ii libncurses5 5.2.20020112a-7 Shared libraries for terminal hand ii libstdc++2.10-glibc2.2 1:2.95.4-7 The GNU stdc++ library
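Review bot: In the first hunk (@@ -1190,14 +1190,6 @@), the detach code under `if (background)` now runs with root privileges, because the setgid()/initgroups()/setuid() block that used to sit between the chroot() check and that branch is no longer there. Everything between this point and the new drop location should be checked for steps that relied on already running as the target user. A short comment at this spot, saying that privileges are deliberately kept until the pidfile has been written, would stop a later cleanup from moving the drop back up.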
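Review bot: In the second hunk (@@ -1256,6 +1248,14 @@), the pidfile is written and closed while the process is still root, ahead of the relocated drop, so the program started with --chuid does not write that file itself; this is the point of the change, but it is a behaviour change that the --make-pidfile and --chuid documentation should state. The three fatal() calls in the moved block also give no cause for the failure, unlike the execv() message directly below, which appends strerror(errno); adding ": %s" with strerror(errno) to each would make a failed privilege drop diagnosable. The setgid(), initgroups(), setuid() order is the right one and should be kept, with the block remaining the last step before execv().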

