On Wed, 6 Feb 2019 20:20:54 +0100 Andreas Metzler <ametz...@bebt.de>
wrote:
> Hello,
Hello,
> there is a logic error in /lib/lsb/init-functions's killproc:
>
> base=${1##*/}
> if [ ! $pidfile ]; then
> name_param="--name $base --pidfile /var/run/$base.pid"
> else
> name_param="--pidfile $pidfile"
> fi
>
> The if clause checks for nonempty $pidfile instead of nonempty $base to
> decide whether --name is used.
>
> Also --pidfile $pidfile is always used, even when $pidfile is empty.
>
> I am reporting this as serious since sid's start-stop-daemon requires a
> name parameter in addition to --pidfile when the pidfile is not owned by
> root, therefore this bug causes init script failures. (#921205)

FTR, this is a change that has been implemented in start-stop-daemon
included in dpkg version >= 1.19.3; IMVHO a proper breaks might be
needed there as well.

Warning: using this match option with a world-writable
pidfile or using it alone with a daemon that writes the pidfile as an
unprivileged (non-root) user will be refused with an error (since
version 1.19.3) as this is a security risk, because
either any user can write to it, or if the daemon gets compromised, the
contents of the pidfile cannot be trusted, and then a privileged
runner (such as an init script executed as root) would
end up acting on any system process. Using /dev/null is exempt from
these checks.
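
The two points raised in this thread, as an added example that is not code from lsb, dpkg or either poster: a sketch of match-option construction that keys `--name` on `$base`, and a pre-flight check approximating the pidfile conditions in the quoted warning. The function names, the `exampled` daemon path and the verdict strings are hypothetical, and the ownership test is an approximation of the documented behaviour, not start-stop-daemon's implementation.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not taken from init-functions or dpkg.

# Build start-stop-daemon match options for a killproc-style caller.
# $1 = daemon pathname, $2 = pidfile (may be empty)
build_match_opts() {
    _base=${1##*/}
    # Use the caller's pidfile, else fall back to /var/run/<base>.pid
    _pidfile=${2:-${_base:+/var/run/$_base.pid}}
    # --name depends on $base being non-empty, not on $pidfile;
    # --pidfile is only emitted when there is a path to pass
    echo "${_base:+--name $_base }${_pidfile:+--pidfile $_pidfile}"
}

# Report whether a pidfile would be trusted under the quoted rules.
# $1 = pidfile, $2 = "alone" when --pidfile is the only match option,
# $3 = uid expected to own the file (default 0; parameterised for testing)
pidfile_verdict() {
    if [ "$1" = /dev/null ]; then echo exempt; return 0; fi
    if [ ! -e "$1" ]; then echo missing; return 0; fi
    # ls -ldnL: numeric uid, symlinks followed; $4 = mode string, $6 = uid
    set -- "$1" "$2" "${3:-0}" $(ls -ldnL -- "$1")
    case $4 in
        ????????w*) echo world-writable; return 1 ;;  # other-write bit set
    esac
    if [ "$2" = alone ] && [ "$6" != "$3" ]; then
        echo untrusted-owner; return 1
    fi
    echo ok
}

# Demo with a constructed daemon path
build_match_opts /usr/sbin/exampled ""
pidfile_verdict /dev/null alone
```
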