Package: memcached
Version: 1.2.2-1+bremner
Severity: wishlist
Tags: patch
Hi;
I have been thinking about the (lack of) security of memcached lately
because it is used by pushmi
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429688). Pushmi is an
svn mirroring tool, that I think is quite likely to be installed on
multiuser machines.
It seems to me it would be helpful to have access to the default
memcached daemon restricted to a group. The attached patch
makes a user and group memcached, and makes a unix domain socket
/var/run/memcached/memcached.socket which is only accessible to
group memcached.
I had to patch the upstream source (using dpatch) to allow the
permissions on the socket to be set at creation (since using chmod seems
to leave the door open to race conditions). I have sent the patch to
the memcached mailing list.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.22 (SMP w/2 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages memcached depends on:
ii adduser 3.105 add and remove users and groups
ii libc6 2.6.1-5 GNU C Library: Shared libraries
ii libevent1 1.3d-1 An asynchronous event notification
ii perl 5.8.8-11 Larry Wall's Practical Extraction
memcached recommends no packages.
-- no debconf information
diff -u memcached-1.2.2/debian/memcached.conf
memcached-1.2.2/debian/memcached.conf
--- memcached-1.2.2/debian/memcached.conf
+++ memcached-1.2.2/debian/memcached.conf
@@ -23,17 +23,21 @@
-m 64
# Default connection port is 11211
--p 11211
+# with a unix domain socket the port makes no sense
+#-p 11211
# Run the daemon as root. The start-memcached will default to running as root
if no
# -u command is present in this config file
--u nobody
+-u memcached
# Specify which IP address to listen on. The default is to listen on all IP
addresses
# This parameter is one of the only security measures that memcached has, so
make sure
# it's listening on a firewalled interface.
--l 127.0.0.1
+#-l 127.0.0.1
+# Listen on a unix domain socket
+-s /var/run/memcached/memcached.socket
+-a 660
# Limit the number of simultaneous incoming connections. The daemon default is
1024
# -c 1024
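Review bot: The comments kept around the changed options no longer describe the configuration: "Run the daemon as root" sits directly above `-u memcached`, and the `-l` comment still calls the listen address one of the only security measures, although access is now decided by the socket mode `-a 660` and membership of group memcached. I would replace the latter with something like `# Access is limited by the socket mode (-a) and its group; add client users to group memcached.` Moving the default from TCP on 127.0.0.1:11211 to a socket also changes behaviour for existing local clients on upgrade, which deserves a NEWS entry.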
diff -u memcached-1.2.2/debian/memcached.postrm
memcached-1.2.2/debian/memcached.postrm
--- memcached-1.2.2/debian/memcached.postrm
+++ memcached-1.2.2/debian/memcached.postrm
@@ -9,2 +9,6 @@
+
+deluser memcached
+rm -rf /var/run/memcached
+
#DEBHELPER#
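Review bot: `deluser memcached` and `rm -rf /var/run/memcached` sit at the top level of this hunk, so unless lines outside it restrict them they run on every postrm invocation, including upgrades, and would remove the account while the package stays installed. deluser is shipped by adduser, which may already be gone when postrm runs at purge time, so a failing call could break the purge. Both commands should be limited to `purge`, and the deluser call made tolerant of a missing tool. Removing a system account also allows its UID to be reused later by an unrelated account, which would then own any leftover files, so keeping the user may be the safer choice.

```shell
if [ "$1" = "purge" ]; then
    rm -rf /var/run/memcached
    # adduser may already be removed at purge time; do not fail the purge on it
    if command -v deluser >/dev/null 2>&1; then
        deluser --quiet --system memcached || true
    fi
fi
```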
diff -u memcached-1.2.2/debian/memcached.postinst
memcached-1.2.2/debian/memcached.postinst
--- memcached-1.2.2/debian/memcached.postinst
+++ memcached-1.2.2/debian/memcached.postinst
@@ -1,5 +1,6 @@
#!/bin/sh
+adduser --system --group --home /var/run/memcached memcached
if [ ! -e /etc/memcached.conf ]
then
mkdir -p /etc
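Review bot: The socket directory exists only as a side effect of `adduser --home /var/run/memcached`, so nothing recreates it if /var/run is cleared or mounted as tmpfs at boot, and the daemon would then fail to bind `/var/run/memcached/memcached.socket`. The start script should create it before launching, for example `install -d -o memcached -g memcached -m 0750 /var/run/memcached`; mode 0750 also keeps users outside the group from reaching the socket path at all. The adduser call runs for every postinst action, so restricting it to `configure` and adding `--quiet` would be tidier. The `if` block that follows continues past the end of the hunk.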
diff -u memcached-1.2.2/debian/changelog memcached-1.2.2/debian/changelog
--- memcached-1.2.2/debian/changelog
+++ memcached-1.2.2/debian/changelog
@@ -1,3 +1,10 @@
+memcached (1.2.2-1+bremner) unstable; urgency=low
+
+ * added memcached user
+ * patched memcached.c to set umask
+
+ -- David Bremner <[EMAIL PROTECTED]> Sat, 13 Oct 2007 18:25:56 +0200
+
memcached (1.2.2-1) unstable; urgency=low
* New upstream release
diff -u memcached-1.2.2/debian/rules memcached-1.2.2/debian/rules
--- memcached-1.2.2/debian/rules
+++ memcached-1.2.2/debian/rules
@@ -6,6 +6,8 @@
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
+include /usr/share/dpatch/dpatch.make
+
# These are used for cross-compiling and for saving the configure script
# from having to guess our platform (since we know it already)
@@ -27,7 +29,7 @@
INSTALL_PROGRAM += -s
endif
-config.status: configure
+config.status: configure patch
dh_testdir
# Add here commands to configure the package.
#CFLAGS=$(CFLAGS)
@@ -45,7 +47,8 @@
touch build-stamp
-clean:
+clean: clean-patched unpatch
+clean-patched:
dh_testdir
dh_testroot
rm -f build-stamp config.log
diff -u memcached-1.2.2/debian/control memcached-1.2.2/debian/control
--- memcached-1.2.2/debian/control
+++ memcached-1.2.2/debian/control
@@ -2,12 +2,12 @@
Section: web
Priority: optional
Maintainer: Jay Bonci <[EMAIL PROTECTED]>
-Build-Depends: debhelper (>= 4.0.0), libevent-dev
+Build-Depends: debhelper (>= 4.0.0), libevent-dev, dpatch
Standards-Version: 3.7.2.2
Package: memcached
Architecture: any
-Depends: ${shlibs:Depends}, perl
+Depends: ${shlibs:Depends}, perl, adduser
Suggests: libcache-memcached-perl
Description: A high-performance memory object caching system
Danga Interactive developed memcached to enhance the speed of
LiveJournal.com,
only in patch2:
unchanged:
--- memcached-1.2.2.orig/debian/patches/00list
+++ memcached-1.2.2/debian/patches/00list
@@ -0,0 +1 @@
+umask-unix-socket
only in patch2:
unchanged:
--- memcached-1.2.2.orig/debian/patches/umask-unix-socket.dpatch
+++ memcached-1.2.2/debian/patches/umask-unix-socket.dpatch
@@ -0,0 +1,83 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## umask-unix-socket.dpatch by <David Bremner <[EMAIL PROTECTED]>>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
[EMAIL PROTECTED]@
+diff -urNad memcached-1.2.2~/memcached.c memcached-1.2.2/memcached.c
+--- memcached-1.2.2~/memcached.c 2007-10-14 08:51:02.000000000 +0200
++++ memcached-1.2.2/memcached.c 2007-10-14 09:10:40.000000000 +0200
+@@ -166,6 +166,7 @@
+ }
+
+ static void settings_init(void) {
++ settings.access=0700;
+ settings.port = 11211;
+ settings.udpport = 0;
+ settings.interf.s_addr = htonl(INADDR_ANY);
+@@ -2186,12 +2187,13 @@
+ return sfd;
+ }
+
+-static int server_socket_unix(const char *path) {
++static int server_socket_unix(const char *path, int access_mask) {
+ int sfd;
+ struct linger ling = {0, 0};
+ struct sockaddr_un addr;
+ struct stat tstat;
+ int flags =1;
++ int old_umask;
+
+ if (!path) {
+ return -1;
+@@ -2221,11 +2223,14 @@
+
+ addr.sun_family = AF_UNIX;
+ strcpy(addr.sun_path, path);
++ old_umask=umask( ~(access_mask&0777));
+ if (bind(sfd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
+ perror("bind()");
+ close(sfd);
++ umask(old_umask);
+ return -1;
+ }
++ umask(old_umask);
+ if (listen(sfd, 1024) == -1) {
+ perror("listen()");
+ close(sfd);
+@@ -2475,8 +2480,13 @@
+ setbuf(stderr, NULL);
+
+ /* process arguments */
+- while ((c = getopt(argc, argv, "bp:s:U:m:Mc:khirvdl:u:P:f:s:n:t:D:")) !=
-1) {
++ while ((c = getopt(argc, argv, "a:bp:s:U:m:Mc:khirvdl:u:P:f:s:n:t:D:"))
!= -1) {
+ switch (c) {
++ case 'a':
++ /* access for unix domain socket, as octal mask (like chmod)*/
++ settings.access= strtol(optarg,NULL,8);
++ break;
++
+ case 'U':
+ settings.udpport = atoi(optarg);
+ break;
+@@ -2654,7 +2664,7 @@
+
+ /* create unix mode sockets after dropping privileges */
+ if (settings.socketpath != NULL) {
+- l_socket = server_socket_unix(settings.socketpath);
++ l_socket = server_socket_unix(settings.socketpath,settings.access);
+ if (l_socket == -1) {
+ fprintf(stderr, "failed to listen\n");
+ exit(EXIT_FAILURE);
+diff -urNad memcached-1.2.2~/memcached.h memcached-1.2.2/memcached.h
+--- memcached-1.2.2~/memcached.h 2007-05-03 00:58:51.000000000 +0200
++++ memcached-1.2.2/memcached.h 2007-10-14 09:09:38.000000000 +0200
+@@ -74,6 +74,7 @@
+ bool managed; /* if 1, a tracker manages virtual buckets */
+ int evict_to_free;
+ char *socketpath; /* path to unix socket if using local socket */
++ int access; /* access mask (a la chmod) for unix domain socket */
+ double factor; /* chunk size growth factor */
+ int chunk_size;
+ int num_threads; /* number of libevent threads to run */
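Review bot: The new `case 'a':` branch in the embedded memcached.c diff stores `strtol(optarg,NULL,8)` without checking that the whole argument was consumed or that it lies within 0 to 0777, so a typo such as `-a 66x` silently becomes mode 066 and non-octal input becomes 0. This value is the only access control on the socket, so a malformed mask should abort startup instead. In `server_socket_unix`, `umask( ~(access_mask&0777))` passes a value with all higher bits set and relies on umask() discarding them; `umask(~access_mask & 0777)` states what is meant. umask is process-wide, so the call presumably has to stay ahead of any thread creation, which is worth a comment next to it. The dpatch header still reads `DP: No description.`, and the lines shown do not add `-a` to the usage text.

```c
        case 'a': {
            /* access for unix domain socket, as octal mask (like chmod) */
            char *end = NULL;
            long mode = strtol(optarg, &end, 8);
            /* reject empty input, trailing junk, negative or out-of-range values */
            if (end == optarg || *end != '\0' || mode < 0 || mode > 0777) {
                fprintf(stderr, "invalid socket access mask: %s\n", optarg);
                exit(EXIT_FAILURE);
            }
            settings.access = (int)mode;
            break;
        }
        /* … unchanged: case 'U' and the remaining options … */
```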