Bug#888976: [munin-node] systemd 237 errors out rambling about an unsafe symlink chain

2018-12-08 Thread Lars Kruse
Hello Marcel,


On Wed, 31 Jan 2018 21:28:35 +0100,
Marcel Partap wrote:

> That should teach me a lesson to follow systemd updates!

:)


> I don't even understand the problem, the pid file is no symlink and is owned 
> by root. 
> chase_symlinks() appears a massive fluke to me. 

I would like to clean up the issue backlog of munin a bit before buster.

Regarding this issue I am fully with you: I have no idea, what this is about.

So maybe you can help me:
* How can I reproduce the issue?
* What are the effects of this issue?
* Do you have an idea, how we can prevent it?

Cheers,
Lars



Bug#888976: [munin-node] systemd 237 errors out rambling about an unsafe symlink chain

2018-01-31 Thread Marcel Partap
Package: munin-node
Version: 2.0.34-3
Severity: normal

--- Please enter the report below this line. ---
systemd db256aab13 broke munin-node.
> core: be stricter when handling PID files and MAINPID sd_notify() messages
>
> Let's be more restrictive when validating PID files and MAINPID=
> messages: don't accept PIDs that make no sense, and if the configuration
> source is not trusted, don't accept out-of-cgroup PIDs. A configuration
> source is considered trusted when the PID file is owned by root, or the
> message was received from root.
>
> This should lock things down a bit, in case service authors write out
> PID files from unprivileged code or use NotifyAccess=all with
> unprivileged code. Note that doing so was always problematic, just now
> it's a bit less problematic.
>
> When we open the PID file we'll now use the CHASE_SAFE chase_symlinks()
> logic, to ensure that we won't follow an unprivileged-owned symlink to a
> privileged-owned file thinking this was a valid privileged PID file,
> even though it really isn't.
>
> Fixes: #6632

That should teach me a lesson to follow systemd updates!
I don't even understand the problem, the pid file is no symlink and is owned by 
root. 
chase_symlinks() appears a massive fluke to me. 


--- System information. ---
Architecture: 
Kernel:   Linux 4.14.0-14.1-liquorix-amd64

Debian Release: buster/sid
  510 unstable       liquorix.net
  510 unstable       ftp.de.debian.org
  510 unstable       dl.winehq.org
  510 unstable       deb-multimedia.org
  510 testing        ftp.de.debian.org
  509 experimental   ftp.de.debian.org
  502 zesty          ppa.launchpad.net
  502 yakkety        ppa.launchpad.net
  500 zesty          build.openmodelica.org
  500 stable         ftp.de.debian.org
  500 stable         dl.google.com

--- Package information. ---
Depends                 (Version) | Installed
=================================-+-===========================
perl                              | 5.26.1-4
gawk                              | 1:4.1.4+dfsg-1+b1
libnet-server-perl                | 2.008-4
lsb-base                 (>= 4.1) | 9.20170808
munin-common        (>= 2.0.34-3) | 2.0.34-3
munin-plugins-core                | 2.0.34-3
procps                            | 2:3.3.12-3


Recommends              (Version) | Installed
=================================-+-===========================
libnet-snmp-perl                  | 6.0.1-3
munin-plugins-extra               | 2.0.34-3


Suggests                (Version) | Installed
=================================-+-===========================
acpi                              |
 OR lm-sensors                    | 1:3.4.0-4
ethtool                           | 1:4.11-1
hdparm                            | 9.53+ds-1
libcrypt-ssleay-perl              |
libdbd-pg-perl                    |
liblwp-useragent-determined-perl  |
libnet-irc-perl                   |
libtext-csv-xs-perl               |
libwww-perl                       | 6.31-1
libxml-simple-perl                | 2.24-1
logtail                           |
munin                             |2.0.34-3
munin-plugins-java                |
default-mysql-client              |
net-tools                         | 1.60+git20161116.90da8a0-1
python                            | 2.7.14-4
ruby                              | 1:2.3.3
smartmontools                     | 6.5+svn4324-1
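
A simplified model of the ownership check described in the quoted commit message, added here as an illustration (it is not systemd's code and not from either poster). It assumes the check is applied at every path component rather than only at symlinks, which the thread does not state; the daemon name "exampled", UID 998 and the paths are constructed.

```python
import os
import sys

# Constructed sample: owners along the path to a PID file of a hypothetical
# daemon "exampled" whose runtime directory belongs to its service user (998).
CONSTRUCTED_CHAIN = [
    ("/", 0),
    ("/run", 0),
    ("/run/exampled", 998),
    ("/run/exampled/exampled.pid", 0),
]


def unsafe_transition(prev_uid, cur_uid):
    """Assumed rule: leaving something a non-root user owns for something
    owned by a different user is unsafe; root-owned parents are trusted."""
    return prev_uid != 0 and prev_uid != cur_uid


def first_unsafe_step(chain):
    """Return (parent, child) for the first unsafe step in a list of
    (path, owner_uid) pairs given in traversal order, or None."""
    for (parent, parent_uid), (child, child_uid) in zip(chain, chain[1:]):
        if unsafe_transition(parent_uid, child_uid):
            return (parent, child)
    return None


def owner_chain(path):
    """lstat() every component from / down to path. Simplification: symlink
    targets are not resolved, each component is inspected as it is named."""
    current = os.sep
    chain = [(current, os.lstat(current).st_uid)]
    for part in os.path.abspath(path).split(os.sep):
        if part:
            current = os.path.join(current, part)
            chain.append((current, os.lstat(current).st_uid))
    return chain


if __name__ == "__main__":
    # With an argument, inspect a real path; otherwise use the constructed one.
    chain = owner_chain(sys.argv[1]) if len(sys.argv) > 1 else CONSTRUCTED_CHAIN
    for path, uid in chain:
        print(f"{uid:>6}  {path}")
    step = first_unsafe_step(chain)
    print("unsafe step:", step if step else "none")
```

Run with a PID file path as the only argument to list the owner of each component on a real system; under the stated assumption, a root-owned file inside a directory owned by a service user is reported as an unsafe step even when no symlink is involved.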