Package: munin-node
Version: 2.0.34-3
Severity: normal
--- Please enter the report below this line. ---
systemd db256aab13 broke munin-node.
> core: be stricter when handling PID files and MAINPID sd_notify()
> messages
>
> Let's be more restrictive when validating PID files and MAINPID=
>
> messages: don't accept PIDs that make no sense, and if the configuration
>
> source is not trusted, don't accept out-of-cgroup PIDs. A configuratin
>
> source is considered trusted when the PID file is owned by root, or the
>
> message was received from root.
>
>
> This should lock things down a bit, in case service authors write out
>
> PID files from unprivileged code or use NotifyAccess=all with
>
> unprivileged code. Note that doing so was always problematic, just now
>
> it's a bit less problematic.
>
>
> When we open the PID file we'll now use the CHASE_SAFE chase_symlinks()
>
> logic, to ensure that we won't follow an unpriviled-owned symlink to a
>
> privileged-owned file thinking this was a valid privileged PID file,
>
> even though it really isn't.
>
>
> Fixes: #6632
>
That should teach me a lessen to follow systemd updates!
I don't even understand the problem, the pid file is no symlink and is owned by
root.
chase_symlinks() appears a massive fluke to me.
--- System information. ---
Architecture:
Kernel: Linux 4.14.0-14.1-liquorix-amd64
Debian Release: buster/sid
510 unstableliquorix.net
510 unstableftp.de.debian.org
510 unstabledl.winehq.org
510 unstabledeb-multimedia.org
510 testing ftp.de.debian.org
509 experimentalftp.de.debian.org
502 zesty ppa.launchpad.net
502 yakkety ppa.launchpad.net
500 zesty build.openmodelica.org
500 stable ftp.de.debian.org
500 stable dl.google.com
--- Package information. ---
Depends(Version) | Installed
-+-==
perl | 5.26.1-4
gawk | 1:4.1.4+dfsg-1+b1
libnet-server-perl | 2.008-4
lsb-base(>= 4.1) | 9.20170808
munin-common (>= 2.0.34-3) | 2.0.34-3
munin-plugins-core | 2.0.34-3
procps | 2:3.3.12-3
Recommends (Version) | Installed
==-+-===
libnet-snmp-perl | 6.0.1-3
munin-plugins-extra| 2.0.34-3
Suggests (Version) | Installed
===-+-===
acpi|
OR lm-sensors | 1:3.4.0-4
ethtool | 1:4.11-1
hdparm | 9.53+ds-1
libcrypt-ssleay-perl|
libdbd-pg-perl |
liblwp-useragent-determined-perl|
libnet-irc-perl |
libtext-csv-xs-perl |
libwww-perl | 6.31-1
libxml-simple-perl | 2.24-1
logtail |
munin | 2.0.34-3
munin-plugins-java |
default-mysql-client|
net-tools | 1.60+git20161116.90da8a0-1
python | 2.7.14-4
ruby| 1:2.3.3
smartmontools | 6.5+svn4324-1