Bug#333066: start stop daemon doesn't work with chroot nor path support (patch joined)
Package: dpkg
Version: 1.13.11
When I run :
start-stop-daemon --start --chroot /var/chroot/somewhere -c
someuser:somegroup --exec /bin/somebin
And I get a start-stop-daemon: stat /bin/somebin: No such file or directory
Because the /bin/somebin doesn't exist in my real tree, only in chroot,
and start-stop-daemon does the stat on file before the chroot...
I made a previous patch (not take in care and lot tested) to do the
check after chroot.
This time I make a new bug report with attached patch and new improvement.
My patch support now to search the binary in the PATH.
Please apply this patch I have tested it a lot, if you don't want PATH
support, just reduce the execstat() fuction to this (as it was before):
if (execname && stat(execname, &exec_stat))
fatal("stat %s: %s", execname, strerror(errno));
This bug is related to (but this bug report, only complain about stat in
chroot without path support):
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=318771
diff -urNp dpkg-1.13.11/utils/start-stop-daemon.c.orig dpkg-1.13.11/utils/start-stop-daemon.c
--- dpkg-1.13.11/utils/start-stop-daemon.c.orig 2005-10-10 09:42:06.196042944 +0200
+++ dpkg-1.13.11/utils/start-stop-daemon.c 2005-10-10 09:45:38.539761792 +0200
@@ -1166,6 +1166,46 @@ x_finished:
}
}
+static int
+execstat(void)
+{
+ if (execname && stat(execname, &exec_stat))
+ {
+ char* tmp;
+ char* path = strdup((const char *)getenv("PATH"));
+ if (path[0] == 0)
+ return 1;
+ else
+ {
+ if (strchr(path, ':') != NULL)
+ {
+while ((tmp = strsep(&path, ":")))
+{
+ char* buf = malloc((strlen(tmp)+strlen(execname)+2)*sizeof(char));
+ sprintf(buf, "%s/%s", tmp, execname);
+ if (execname && !stat(buf, &exec_stat))
+ {
+ startas = buf;
+ return 0;
+ }
+}
+ }
+ else
+ {
+char* buf = malloc((strlen(path)+strlen(execname)+2)*sizeof(char));
+sprintf(buf, "%s/%s", path, execname);
+if (execname && !stat(buf, &exec_stat))
+{
+ startas = buf;
+ return 0;
+}
+return 1;
+ }
+ }
+ }
+
+ return 0;
+}
int
main(int argc, char **argv)
@@ -1180,7 +1220,7 @@ main(int argc, char **argv)
argc -= optind;
argv += optind;
- if (execname && stat(execname, &exec_stat))
+ if (changeroot == NULL && execstat())
fatal("stat %s: %s", execname, strerror(errno));
if (userspec && sscanf(userspec, "%d", &user_id) != 1) {
@@ -1283,6 +1323,8 @@ main(int argc, char **argv)
fatal("Unable to chdir() to %s", changeroot);
if (chroot(changeroot) < 0)
fatal("Unable to chroot() to %s", changeroot);
+ if (execstat())
+ fatal("stat %s: %s", execname, strerror(errno));
}
if (chdir(changedir) < 0)
fatal("Unable to chdir() to %s", changedir);
Bug#318771: I try the patch and it work perfect!!!
You could merge it, it's perfectly working -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#318771: Stupid check in start-stop-daemon that make it impossible to use for chroot
Package: dpkg
Version: 1.10.28
architecture : i386
I have notice a case where start-stop daemon is blocking what should work.
I have to start a service called for example : dangerous
So i build a chroot in something like /var/chroot/dangerous
Then I build the tree :
dangerous
|-- bin
| |-- false
| `-- dangerous
|-- etc
| |-- resolv.conf
| `-- dangerous
| |-- dbconfig
| |-- logs
| | `-- net_out.log
| |-- plugins
| | `-- libluaplugin.so
| |-- scripts
| | |-- start.lua
| | |-- sometext.txt
| `-- triggers
| |-- happy
| |-- linux
| |-- lol
| |-- moon
| |-- house
| |-- mouse
| `-- wazzup
|-- lib
| |-- ld-linux.so.2
| |-- libGeoIP.so.1
| |-- libc.so.6
| |-- libcrypt.so.1
| |-- libcrypto.so.0.9.7
| |-- libdl.so.2
| |-- libgcc_s.so.1
| |-- liblua50.so.5.0
| |-- liblualib50.so.5.0
| |-- libluasocket.so.2.0
| |-- libm.so.6
| |-- libmysqlclient.so.12
| |-- libnsl.so.1
| |-- libnss_dns.so.2
| |-- libpcre.so.3
| |-- libpthread.so.0
| |-- libresolv.so.2
| |-- libssl.so.0.9.7
| |-- libstdc++.so.5
| |-- libverlihub.so.0
| |-- libvhapi.so.0
| `-- libz.so.1
`-- usr
`-- share
|-- GeoIP
| `-- GeoIP.dat
`-- lua50
`-- luasocket.lua
Then I try to start my program with a :
start-stop-daemon --start --chroot /var/chroot/dangerous -c
verlihub:nogroup --exec /bin/dangerous
And I get a start-stop-daemon: stat /bin/dangerous: No such file or
directory
It'a a few stupid no ?
I strace it ans see that the check if binary exist is done before the
chroot and it will never works if the binary is not present at same
place in the system...
I made a small change, if it could be included in next release of dpkg
it would be great
--- utils/start-stop-daemon.c.bak 2004-11-11 04:16:35.0 +0100
+++ utils/start-stop-daemon.c 2005-07-17 17:27:43.633164200 +0200
@@ -1156,8 +1156,10 @@ main(int argc, char **argv)
argc -= optind;
argv += optind;
- if (execname && stat(execname, &exec_stat))
- fatal("stat %s: %s", execname, strerror(errno));
+ if (changeroot == NULL) {
+ if (execname && stat(execname, &exec_stat))
+ fatal("stat %s: %s", execname, strerror(errno));
+ }
if (userspec && sscanf(userspec, "%d", &user_id) != 1) {
struct passwd *pw;
@@ -1259,6 +1261,8 @@ main(int argc, char **argv)
fatal("Unable to chdir() to %s", changeroot);
if (chroot(changeroot) < 0)
fatal("Unable to chroot() to %s", changeroot);
+ if (execname && stat(execname, &exec_stat))
+ fatal("stat %s: %s", execname, strerror(errno));
}
if (chdir(changedir) < 0)
fatal("Unable to chdir() to %s", changedir);
ps : I don't wan't to try braking my sarge by upgrading my version of
dpkg to a personal one, so if an updated package with could be avaible
on (even if) an unofficial mirror I would be happy...
ps2 : maybe a nocheck option that avoid check of process and so on could
avoid such trouble in future...
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
