authorSteffen Nurpmeso <steffen@sdaoden.eu>2019-04-30 23:56:58 +0200
committerSteffen Nurpmeso <steffen@sdaoden.eu>2019-04-30 23:56:58 +0200
commit4ddd21fc6df3b34d4d5fc43f255bd8b7211434f1 (patch)
tree6aede1b6f6682829f9245330020007056414d8b8
parent8c845d16460d2632942f57c34d6e8e39e2c7b02a (diff)
downloadstart-stop-daemon-4ddd21fc6df3b34d4d5fc43f255bd8b7211434f1.tar.gz
start-stop-daemon-4ddd21fc6df3b34d4d5fc43f255bd8b7211434f1.tar.xz
crux-patch.diff: tweak last import: CRUX needs less restrictive approach yet
-rw-r--r--crux-patch.diff39
1 files changed, 29 insertions, 10 deletions
diff --git a/crux-patch.diff b/crux-patch.diff
index 7d401db..3f038f7 100644
--- a/crux-patch.diff
+++ b/crux-patch.diff
@@ -1,5 +1,5 @@
diff --git a/start-stop-daemon.8 b/start-stop-daemon.8
-index 2a083f3..5daeab2 100644
+index 2a083f3..5c99f4b 100644
--- a/start-stop-daemon.8
+++ b/start-stop-daemon.8
@@ -20,7 +20,7 @@
@@ -7,11 +7,25 @@ index 2a083f3..5daeab2 100644
.\" along with this program. If not, see <https://www.gnu.org/licenses/>.
.
-.TH start\-stop\-daemon 8 "%RELEASE_DATE%" "%VERSION%" "dpkg suite"
-+.TH start\-stop\-daemon 8 "2019-03-10" "CRUX 3.5" "dpkg suite"
++.TH start\-stop\-daemon 8 "2019-04-30" "CRUX 3.5" "dpkg suite"
.nh
.SH NAME
start\-stop\-daemon \- start and stop system daemon programs
-@@ -269,33 +269,6 @@ reason. This is a last resort, and is only meant for programs that either
+@@ -130,6 +130,13 @@ gets compromised, the contents of the pidfile cannot be trusted, and then
+ a privileged runner (such as an init script executed as root) would end up
+ acting on any system process.
+ Using \fI/dev/null\fP is exempt from these checks.
++.IP
++\fBCRUX extension:\fP
++On CRUX the above restriction is weakened and only applies to world- or
++group-writable pidfiles.
++RC scripts need to become adjusted until the Debian policy is used.
++Also, \fI/var/run\fP is writable by root only, so the daemon must have
++been started with higher rights, as root.
+ .TP
+ .BR \-x ", " \-\-exec " \fIexecutable\fP"
+ Check for processes that are instances of this \fIexecutable\fP. The
+@@ -269,33 +276,6 @@ reason. This is a last resort, and is only meant for programs that either
make no sense forking on their own, or where it's not feasible to add the
code for them to do this themselves.
.TP
@@ -46,7 +60,7 @@ index 2a083f3..5daeab2 100644
Do not close any file descriptor when forcing the daemon into the background
(since version 1.16.5).
diff --git a/start-stop-daemon.c b/start-stop-daemon.c
-index 88c9726..bcdce53 100644
+index 88c9726..1c35c0b 100644
--- a/start-stop-daemon.c
+++ b/start-stop-daemon.c
@@ -20,10 +20,37 @@
@@ -59,7 +73,7 @@ index 88c9726..bcdce53 100644
#include <dpkg/macros.h>
+#else
-+# define VERSION "20190310"
++# define VERSION "20190430"
+# define CRUX "CRUX-Linux"
+
+# define WANT_SYSTEMD_NOTIFY 0 /* 1=yes */
@@ -246,13 +260,18 @@ index 88c9726..bcdce53 100644
if (action == ACTION_NONE)
badusage("need one of --start or --stop or --status");
-@@ -2298,7 +2348,8 @@ do_pidfile(const char *name)
+@@ -2297,9 +2347,11 @@ do_pidfile(const char *name)
+ fatale("cannot stat pidfile %s", name);
if (match_mode == MATCH_PIDFILE &&
- ((st.st_uid != getuid() && st.st_uid != 0) ||
+- ((st.st_uid != getuid() && st.st_uid != 0) ||
- (st.st_gid != getgid() && st.st_gid != 0)))
-+ ((st.st_gid != getgid() && st.st_gid != 0) &&
-+ (st.st_mode & 0020))))
- fatal("matching only on non-root pidfile %s is insecure", name);
+- fatal("matching only on non-root pidfile %s is insecure", name);
++ (((st.st_uid != getuid() && st.st_uid != 0) ||
++ ((st.st_gid != getgid() && st.st_gid != 0))) &&
++ (st.st_mode & 0022)))
++ fatal("matching only on non-root pidfile %s is insecure"
++ " (CRUX: when group/other writable)", name);
if (st.st_mode & 0002)
fatal("matching on world-writable pidfile %s is insecure", name);
+
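Review bot: The relaxed condition in do_pidfile now accepts a pidfile owned by an unprivileged uid whenever its mode has no group/other write bit, but the owner of a file can rewrite it (or chmod it) regardless of those bits. With `match_mode == MATCH_PIDFILE` a root-run RC script would then act on whatever pid that account wrote, which is the case the man page text just above the CRUX extension warns about; root-only write access to /var/run protects creation and replacement of the file, not its contents. The form this commit replaces kept the uid test unconditional and only tied the gid test to the group-write bit, so the exemption here is wider than the mode check can justify. If it has to stay until the RC scripts are adjusted, I would document the residual risk on the condition, for example `/* CRUX: a non-root owner can still rewrite a 0644 pidfile; RC scripts should also pass --exec or --user */` (that those options avoid the pidfile-only match is inferred from the "matching only" wording, the option parsing is not visible here). do_pidfile starts and ends outside this hunk.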
