Bug#921558: lsb-base: killproc does not pass name parameter to start-stop-daemon
Le mercredi, 13 mars 2019, 18.17:34 h CET Dmitry Bogatov a écrit : > [2019-03-11 21:51] Axel Beckert > > > I believe it would be reasonable to add '--name $base' into `else' > > > clause. Opinions? > > > > Sounds sane, I just checked that with #924311 (miredo, uses > > start-stop-daemon directly, edited the init script) as well as #924312 > > (stunnel4, by editing /lib/lsb/init-functions) and it worked in both > > cases. > > > > Here's the change I made to /lib/lsb/init-functions (as Dmitry already > > suggested): Great. Thanks for the tests, you got me convinced. :-) > Okay. Should I NMU or not? Anybody know what is the current status of > maintenance? I'll upload tonight, crediting the patch to Dmitry. Regarding the maintenance status of src:lsb: I'm only keeping an (opinionated) eye on it, to avoid having it orphaned (hence my upload of tonight). But really, it is up for adoption. I should perhaps make that clearer by removing myself from uploader. Opinions? Cheers, and thanks again for the testing! OdyX signature.asc Description: This is a digitally signed message part.
Bug#921558: lsb-base: killproc does not pass name parameter to start-stop-daemon
Hi there Andreas,
Le mercredi, 6 février 2019, 20.20:54 h CET Andreas Metzler a écrit :
> there is a logic error in /lib/lsb/init-functions's killproc:
>
> base=${1##*/}
> if [ ! $pidfile ]; then
> name_param="--name $base --pidfile /var/run/$base.pid"
> else
> name_param="--pidfile $pidfile"
> fi
This is there since 3.2-20, 10+ years ago:
In 2.0-5 (2005-01-30):
if [ ! $pidfile ]; then
pidfile=/var/run/$(basename "$1").pid
fi
In 3.0-11 (2005-10-27):
base=$(basename "$1")
if [ ! $pidfile ]; then
pidfile=/var/run/$base.pid
fi
In 3.1-20 (2006-11-16):
"Don't use --name in killproc() when a pidfile is provided (Closes: #397977)"
base=${1##*/}
if [ ! $pidfile ]; then
pidfile=/var/run/$base.pid
name_param="--name $base"
fi
In 3.2-16 (2008-08-01):
"Fix behavior of killproc and pidofproc when no pidfile is passed in."
base=${1##*/}
if [ ! $pidfile ]; then
name_param="--name $base"
else
name_param="--pidfile $pidfile"
fi
In 3.2-20 (2008-08-18):
"pidofproc now also checks for /var/run/$base.pid if -p is not specified,
fixing conformance with the spec."
base=${1##*/}
if [ ! $pidfile ]; then
name_param="--name $base --pidfile /var/run/$base.pid"
else
name_param="--pidfile $pidfile"
fi
I'm just pointing out that it's an old bug; and that makes me uncomfortable to
fix it, especially for a shell script installed on virtually _all_ Debian
hosts.
> The if clause checks for nonempty $pidfile instead of nonempty $base to
> decide whether --name is used.
>
> Also --pidfile $pidfile is always used, even when $pidfile is empty.
… but arguably, the code is bogus. :-)
(Will answer to other points down the thread)
Cheers,
OdyX
Bug#921558: lsb-base: killproc does not pass name parameter to start-stop-daemon
[2019-03-11 21:51] Axel Beckert
> > I believe it would be reasonable to add '--name $base' into `else'
> > clause. Opinions?
>
> Sounds sane, I just checked that with #924311 (miredo, uses
> start-stop-daemon directly, edited the init script) as well as #924312
> (stunnel4, by editing /lib/lsb/init-functions) and it worked in both
> cases.
>
> Here's the change I made to /lib/lsb/init-functions (as Dmitry already
> suggested):
Okay. Should I NMU or not? Anybody know what is the current status of
maintenance?
> --- /lib/lsb/init-functions~2018-11-28 20:21:37.0 +0100
> +++ /lib/lsb/init-functions 2019-03-11 21:46:41.673767215 +0100
> @@ -141,7 +141,7 @@
> if [ ! $pidfile ]; then
> name_param="--name $base --pidfile /var/run/$base.pid"
> else
> -name_param="--pidfile $pidfile"
> +name_param="--name $base --pidfile $pidfile"
> fi
>
> sig=$(echo ${2:-} | sed -e 's/^-\(.*\)/\1/')
--
Note, that I send and fetch email in batch, once every 24 hours.
If matter is urgent, try https://t.me/kaction
--
Bug#921558: lsb-base: killproc does not pass name parameter to start-stop-daemon
On 2019-03-11 Axel Beckert wrote:
[...]
> Here's the change I made to /lib/lsb/init-functions (as Dmitry already
> suggested):
> --- /lib/lsb/init-functions~2018-11-28 20:21:37.0 +0100
> +++ /lib/lsb/init-functions 2019-03-11 21:46:41.673767215 +0100
> @@ -141,7 +141,7 @@
> if [ ! $pidfile ]; then
> name_param="--name $base --pidfile /var/run/$base.pid"
> else
> -name_param="--pidfile $pidfile"
> +name_param="--name $base --pidfile $pidfile"
> fi
> sig=$(echo ${2:-} | sed -e 's/^-\(.*\)/\1/')
> It though wouldn't hurt if e.g. Andreas could check if this change
> would have fixed the issue in exim as well.
Hello Axel,
yes, it would have fixed the exim issue, too.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
Bug#921558: lsb-base: killproc does not pass name parameter to start-stop-daemon
Control: tag -1 + patch
Hi Dmitry,
Dmitry Bogatov wrote:
> > base=${1##*/}
> > if [ ! $pidfile ]; then
> > name_param="--name $base --pidfile /var/run/$base.pid"
> > else
> > name_param="--pidfile $pidfile"
> > fi
> >
> > The if clause checks for nonempty $pidfile instead of nonempty $base to
> > decide whether --name is used.
> >
> > Also --pidfile $pidfile is always used, even when $pidfile is empty.
> >
> > I am reportig this as serious since sid's start-stop-daemon requires a
> > name parameter in addition to --pidfile when the pidfile is not owned by
> > root, therefore this bug causes init script failures. (#921205)
#924312 was another one I filed earlier today. Just forcemerged it
into this.
> I believe it would be reasonable to add '--name $base' into `else'
> clause. Opinions?
Sounds sane, I just checked that with #924311 (miredo, uses
start-stop-daemon directly, edited the init script) as well as #924312
(stunnel4, by editing /lib/lsb/init-functions) and it worked in both
cases.
Here's the change I made to /lib/lsb/init-functions (as Dmitry already
suggested):
--- /lib/lsb/init-functions~2018-11-28 20:21:37.0 +0100
+++ /lib/lsb/init-functions 2019-03-11 21:46:41.673767215 +0100
@@ -141,7 +141,7 @@
if [ ! $pidfile ]; then
name_param="--name $base --pidfile /var/run/$base.pid"
else
-name_param="--pidfile $pidfile"
+name_param="--name $base --pidfile $pidfile"
fi
sig=$(echo ${2:-} | sed -e 's/^-\(.*\)/\1/')
It though wouldn't hurt if e.g. Andreas could check if this change
would have fixed the issue in exim as well.
Regards, Axel
--
,''`. | Axel Beckert , https://people.debian.org/~abe/
: :' : | Debian Developer, ftp.ch.debian.org Admin
`. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
`-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
signature.asc
Description: Digital signature
Bug#921558: lsb-base: killproc does not pass name parameter to start-stop-daemon
control: tags -1 +moreinfo
[2019-02-06 20:20] Andreas Metzler
> Package: lsb-base
> Version: 10.2018112800
> Severity: serious
>
> Hello,
>
> there is a logic error in /lib/lsb/init-functions's killproc:
>
> base=${1##*/}
> if [ ! $pidfile ]; then
> name_param="--name $base --pidfile /var/run/$base.pid"
> else
> name_param="--pidfile $pidfile"
> fi
>
> The if clause checks for nonempty $pidfile instead of nonempty $base to
> decide whether --name is used.
>
> Also --pidfile $pidfile is always used, even when $pidfile is empty.
>
> I am reportig this as serious since sid's start-stop-daemon requires a
> name parameter in addition to --pidfile when the pidfile is not owned by
> root, therefore this bug causes init script failures. (#921205)
[ I am not familiar with src:lsb, but I need this issue resolved fixed
to keep src:sysvinit suitable for Buster. By the way, sysvinit does
not use killproc. ]
I believe it would be reasonable to add '--name $base' into `else'
clause. Opinions?
PS. Dear maintainer, are you still willing to give-up maintainership of
src:lsb ( comment in 888743)?
--
Note, that I send and fetch email in batch, once every 24 hours.
If matter is urgent, try https://t.me/kaction
--
Bug#921558: lsb-base: killproc does not pass name parameter to start-stop-daemon
On Wed, 6 Feb 2019 20:20:54 +0100 Andreas Metzler
wrote:> Hello,
Hello,
> there is a logic error in /lib/lsb/init-functions's killproc:
>
> base=${1##*/}
> if [ ! $pidfile ]; then
> name_param="--name $base --pidfile /var/run/$base.pid"
> else
> name_param="--pidfile $pidfile"
> fi
>
> The if clause checks for nonempty $pidfile instead of nonempty $base to
> decide whether --name is used.
>
> Also --pidfile $pidfile is always used, even when $pidfile is empty.
>
> I am reportig this as serious since sid's start-stop-daemon requires a
> name parameter in addition to --pidfile when the pidfile is not owned by
> root, therefore this bug causes init script failures. (#921205)
FTR, this is a change that has been implemented in start-stop-daemon
included in dpkg version >= 1.19.3, IMVHO a proper breaks might be
needed there as well
Warning: using this match option with a world-writable
pidfile or using it alone with a daemon that writes the pidfile as an
unprivileged (non-root) user will be refused with an error (since
version 1.19.3) as this is a security risk, because
either any user can write to it, or if the daemon gets compromised, the
contents of the pidfile cannot be trusted, and then a privileged
runner (such as an init script executed as root) would
end up acting on any system process. Using /dev/null is excempt from
these checks.
Bug#921558: lsb-base: killproc does not pass name parameter to start-stop-daemon
Package: lsb-base
Version: 10.2018112800
Severity: serious
Hello,
there is a logic error in /lib/lsb/init-functions's killproc:
base=${1##*/}
if [ ! $pidfile ]; then
name_param="--name $base --pidfile /var/run/$base.pid"
else
name_param="--pidfile $pidfile"
fi
The if clause checks for nonempty $pidfile instead of nonempty $base to
decide whether --name is used.
Also --pidfile $pidfile is always used, even when $pidfile is empty.
I am reportig this as serious since sid's start-stop-daemon requires a
name parameter in addition to --pidfile when the pidfile is not owned by
root, therefore this bug causes init script failures. (#921205)
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
