authorSteffen Nurpmeso <steffen@sdaoden.eu>2019-03-10 01:35:18 +0100
committerJuergen Daubert <jue@jue.li>2019-03-23 07:16:12 +0100
commit8c845d16460d2632942f57c34d6e8e39e2c7b02a (patch)
tree0fb229c152defeed9f02aba30b8ba0f1ce065063
parentfb5d8e1a2b1d28c01a926610bc950eede563fa36 (diff)
crux-patch.diff: sync..
The new S-S-D would not work with CRUX, since, for example, exim uses a PID file owned root:mail, and the group then fails the root != mail comparison. The manual says Warning: using this match option with a world-writable pidfile or using it alone with a daemon that writes the pidfile as an unprivileged (non-root) user will be refused with an error (since version 1.19.3) as this is a security risk, because either any user can write to it, or if the daemon gets compromised, the contents of the pidfile cannot be trusted, and then a privileged runner (such as an init script executed as root) would end up acting on any system process. Using /dev/null is exempt from these checks. The actual code contradicts this, as the mail group in our example cannot write the PID file, only read it. I have therefore adjusted the code to refuse the operation only if the group can also write the file. (Maybe this is even a "bug" that should be reported upstream?)
-rw-r--r--crux-patch.diff57
1 files changed, 34 insertions, 23 deletions
diff --git a/crux-patch.diff b/crux-patch.diff
index f5ee880..7d401db 100644
--- a/crux-patch.diff
+++ b/crux-patch.diff
@@ -1,5 +1,5 @@
diff --git a/start-stop-daemon.8 b/start-stop-daemon.8
-index 4723596..5b880af 100644
+index 2a083f3..5daeab2 100644
--- a/start-stop-daemon.8
+++ b/start-stop-daemon.8
@@ -20,7 +20,7 @@
@@ -7,11 +7,11 @@ index 4723596..5b880af 100644
.\" along with this program. If not, see <https://www.gnu.org/licenses/>.
.
-.TH start\-stop\-daemon 8 "%RELEASE_DATE%" "%VERSION%" "dpkg suite"
-+.TH start\-stop\-daemon 8 "2019-01-22" "CRUX 3.5" "dpkg suite"
++.TH start\-stop\-daemon 8 "2019-03-10" "CRUX 3.5" "dpkg suite"
.nh
.SH NAME
start\-stop\-daemon \- start and stop system daemon programs
-@@ -266,33 +266,6 @@ reason. This is a last resort, and is only meant for programs that either
+@@ -269,33 +269,6 @@ reason. This is a last resort, and is only meant for programs that either
make no sense forking on their own, or where it's not feasible to add the
code for them to do this themselves.
.TP
@@ -46,10 +46,10 @@ index 4723596..5b880af 100644
Do not close any file descriptor when forcing the daemon into the background
(since version 1.16.5).
diff --git a/start-stop-daemon.c b/start-stop-daemon.c
-index e7e1cdc..9f30377 100644
+index 88c9726..bcdce53 100644
--- a/start-stop-daemon.c
+++ b/start-stop-daemon.c
-@@ -20,10 +20,36 @@
+@@ -20,10 +20,37 @@
* Changes by Ian Jackson: added --retry (and associated rearrangements).
*/
@@ -59,7 +59,7 @@ index e7e1cdc..9f30377 100644
#include <dpkg/macros.h>
+#else
-+# define VERSION "20190122"
++# define VERSION "20190310"
+# define CRUX "CRUX-Linux"
+
+# define WANT_SYSTEMD_NOTIFY 0 /* 1=yes */
@@ -79,6 +79,7 @@ index e7e1cdc..9f30377 100644
+
+# define DPKG_ATTR_NORET __attribute__((noreturn))
+# define DPKG_ATTR_PRINTF(X)
++# define DPKG_ATTR_VPRINTF(X)
+
+# define _GNU_SOURCE
+# include <unistd.h>
@@ -86,7 +87,7 @@ index e7e1cdc..9f30377 100644
#if defined(__linux__)
# define OS_Linux
-@@ -160,6 +186,10 @@
+@@ -160,6 +187,10 @@
#define HAVE_IOPRIO_SET
#endif
@@ -97,7 +98,7 @@ index e7e1cdc..9f30377 100644
#define IOPRIO_CLASS_SHIFT 13
#define IOPRIO_PRIO_VALUE(class, prio) (((class) << IOPRIO_CLASS_SHIFT) | (prio))
#define IO_SCHED_PRIO_MIN 0
-@@ -212,10 +242,12 @@ static int quietmode = 0;
+@@ -212,10 +243,12 @@ static int quietmode = 0;
static int exitnodo = 1;
static bool background = false;
static bool close_io = true;
@@ -110,7 +111,7 @@ index e7e1cdc..9f30377 100644
static bool mpidfile = false;
static bool rpidfile = false;
static int signal_nr = SIGTERM;
-@@ -388,8 +420,7 @@ xstrndup(const char *str, size_t n)
+@@ -405,8 +438,7 @@ xstrndup(const char *str, size_t n)
static void
timespec_gettime(struct timespec *ts)
{
@@ -118,9 +119,9 @@ index e7e1cdc..9f30377 100644
- defined(_POSIX_MONOTONIC_CLOCK) && _POSIX_MONOTONIC_CLOCK > 0
+#ifdef HAVE_CLOCK_MONOTONIC
if (clock_gettime(CLOCK_MONOTONIC, ts) < 0)
- fatal("clock_gettime failed");
+ fatale("clock_gettime failed");
#else
-@@ -531,6 +562,7 @@ wait_for_child(pid_t pid)
+@@ -548,6 +580,7 @@ wait_for_child(pid_t pid)
}
}
@@ -128,7 +129,7 @@ index e7e1cdc..9f30377 100644
static void
cleanup_socket_dir(void)
{
-@@ -711,6 +743,7 @@ wait_for_notify(int fd)
+@@ -737,6 +770,7 @@ wait_for_notify(int fd)
}
}
}
@@ -136,7 +137,7 @@ index e7e1cdc..9f30377 100644
static void
write_pidfile(const char *filename, pid_t pid)
-@@ -743,7 +776,9 @@ remove_pidfile(const char *filename)
+@@ -769,7 +803,9 @@ remove_pidfile(const char *filename)
static void
daemonize(void)
{
@@ -146,9 +147,9 @@ index e7e1cdc..9f30377 100644
pid_t pid;
sigset_t mask;
sigset_t oldmask;
-@@ -757,8 +792,10 @@ daemonize(void)
+@@ -783,8 +819,10 @@ daemonize(void)
if (sigprocmask(SIG_BLOCK, &mask, &oldmask) == -1)
- fatal("cannot block SIGCHLD");
+ fatale("cannot block SIGCHLD");
+#if WANT_SYSTEMD_NOTIFY
if (notify_await)
@@ -157,7 +158,7 @@ index e7e1cdc..9f30377 100644
pid = fork();
if (pid < 0)
-@@ -769,6 +806,7 @@ daemonize(void)
+@@ -795,6 +833,7 @@ daemonize(void)
* not suffer from race conditions on return. */
wait_for_child(pid);
@@ -165,7 +166,7 @@ index e7e1cdc..9f30377 100644
if (notify_await) {
/* Wait for a readiness notification from the second
* child, so that we can safely exit when the service
-@@ -777,6 +815,7 @@ daemonize(void)
+@@ -803,6 +842,7 @@ daemonize(void)
close(notify_fd);
cleanup_socket_dir();
}
@@ -173,7 +174,7 @@ index e7e1cdc..9f30377 100644
_exit(0);
}
-@@ -875,8 +914,10 @@ usage(void)
+@@ -901,8 +941,10 @@ usage(void)
" scheduler (default prio is 4)\n"
" -k, --umask <mask> change the umask to <mask> before starting\n"
" -b, --background force the process to detach\n"
@@ -184,7 +185,7 @@ index e7e1cdc..9f30377 100644
" -C, --no-close do not close any file descriptor\n"
" -m, --make-pidfile create the pidfile before starting\n"
" --remove-pidfile delete the pidfile after stopping\n"
-@@ -921,9 +962,9 @@ usage(void)
+@@ -947,9 +989,9 @@ usage(void)
static void
do_version(void)
{
@@ -197,7 +198,7 @@ index e7e1cdc..9f30377 100644
}
static void DPKG_ATTR_NORET
-@@ -1248,8 +1289,10 @@ parse_options(int argc, char * const *argv)
+@@ -1274,8 +1316,10 @@ parse_options(int argc, char * const *argv)
{ "iosched", 1, NULL, 'I'},
{ "umask", 1, NULL, 'k'},
{ "background", 0, NULL, 'b'},
@@ -208,7 +209,7 @@ index e7e1cdc..9f30377 100644
{ "no-close", 0, NULL, 'C'},
{ "make-pidfile", 0, NULL, 'm'},
{ "remove-pidfile", 0, NULL, OPT_RM_PIDFILE},
-@@ -1264,7 +1307,9 @@ parse_options(int argc, char * const *argv)
+@@ -1290,7 +1334,9 @@ parse_options(int argc, char * const *argv)
const char *schedule_str = NULL;
const char *proc_schedule_str = NULL;
const char *io_schedule_str = NULL;
@@ -218,7 +219,7 @@ index e7e1cdc..9f30377 100644
size_t changeuser_len;
int c;
-@@ -1364,12 +1409,14 @@ parse_options(int argc, char * const *argv)
+@@ -1390,12 +1436,14 @@ parse_options(int argc, char * const *argv)
case 'b': /* --background */
background = true;
break;
@@ -233,7 +234,7 @@ index e7e1cdc..9f30377 100644
case 'C': /* --no-close */
close_io = false;
break;
-@@ -1422,9 +1469,11 @@ parse_options(int argc, char * const *argv)
+@@ -1448,9 +1496,11 @@ parse_options(int argc, char * const *argv)
badusage("umask value must be a positive number");
}
@@ -245,3 +246,13 @@ index e7e1cdc..9f30377 100644
if (action == ACTION_NONE)
badusage("need one of --start or --stop or --status");
+@@ -2298,7 +2348,8 @@ do_pidfile(const char *name)
+
+ if (match_mode == MATCH_PIDFILE &&
+ ((st.st_uid != getuid() && st.st_uid != 0) ||
+- (st.st_gid != getgid() && st.st_gid != 0)))
++ ((st.st_gid != getgid() && st.st_gid != 0) &&
++ (st.st_mode & 0020))))
+ fatal("matching only on non-root pidfile %s is insecure", name);
+ if (st.st_mode & 0002)
+ fatal("matching on world-writable pidfile %s is insecure", name);
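Review bot: The relaxed group test on the two added lines (`(st.st_gid != getgid() && st.st_gid != 0) && (st.st_mode & 0020)`) is a deliberate divergence from upstream dpkg, yet nothing in the code records that, so the next sync against upstream can silently drop it or a reader can mistake it for an upstream bug. A one-line comment above the `if` would pin the rationale from the commit message next to the code, e.g. `/* CRUX: a non-root group is only a risk if it can write the pidfile (e.g. exim's root:mail 0640). */`. The check reasons from the file's own mode bits alone, so the comment should not claim more than that; whether the stat is taken on the already-open descriptor, which decides if a check-then-read swap matters, is not visible in this hunk. The enclosing do_pidfile() body starts and ends outside the hunk.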
