Bug#654580: marked as done (di-utils: needs to divert start-stop-daemon and initctl rather than simply moving them)

To: Colin Watson <cjwatson@debian.org>
Subject: Bug#654580: marked as done (di-utils: needs to divert start-stop-daemon and initctl rather than simply moving them)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Wed, 04 Jan 2012 14:51:06 +0000
Message-id: <[🔎] handler.654580.D654580.13256884801301.ackdone@bugs.debian.org>
References: <E1RiS8F-0002hB-5c@franck.debian.org> <[🔎] 20120104131009.GE12976@riva.dynamic.greenend.org.uk>

Your message dated Wed, 04 Jan 2012 14:47:59 +0000
with message-id <E1RiS8F-0002hB-5c@franck.debian.org>
and subject line Bug#654580: fixed in debian-installer-utils 1.88
has caused the Debian Bug report #654580,
regarding di-utils: needs to divert start-stop-daemon and initctl rather than simply moving them
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
654580: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654580
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: submit@bugs.debian.org
Subject: di-utils: needs to divert start-stop-daemon and initctl rather than simply moving them
From: Colin Watson <cjwatson@ubuntu.com>
Date: Wed, 4 Jan 2012 13:10:09 +0000
Message-id: <[🔎] 20120104131009.GE12976@riva.dynamic.greenend.org.uk>

Package: di-utils
Version: 1.87
Severity: grave
Tags: patch
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu ubuntu-patch precise

In https://launchpad.net/bugs/900526, we discovered a serious problem
with the way chroot-setup.sh deals with start-stop-daemon and initctl.

The chroot_setup function moves these programs aside, replacing them
with temporary fake versions, and the chroot_cleanup* functions put them
back.  However, they do not use dpkg diversions to do so.  As a quite
plausible example, if pkgsel applies an update to dpkg,
start-stop-daemon will be moved aside at the start, but the dpkg upgrade
will write a new version of /sbin/start-stop-daemon, and then the
original binary will be moved back at the end.  This means: (a) after
dpkg is unpacked the chroot is no longer safe against daemons being
started; (b) the resulting system will claim to have the new dpkg
version but will in fact have the old start-stop-daemon binary!

We actually noticed this with initctl, which is part of upstart, so that
wouldn't happen in typical Debian installs, but the start-stop-daemon
example might well do.  Although I can't find a specific reference, I've
definitely seen people turning up with odd symptoms related to
start-stop-daemon in the past which were never fully diagnosed, and I
strongly suspect that some of those were due to this bug.

I intend to apply this patch, which fixes this bug in my tests.

diff --git a/chroot-setup.sh b/chroot-setup.sh
index 733026e..4b98529 100644
--- a/chroot-setup.sh
+++ b/chroot-setup.sh
@@ -25,6 +25,15 @@ update_mtab() {
 	done ) > $mtab
 }
 
+divert () {
+	chroot /target dpkg-divert --add --divert "$1.REAL" --rename "$1"
+}
+
+undivert () {
+	rm -f "/target$1"
+	chroot /target dpkg-divert --remove --rename "$1"
+}
+
 chroot_setup () {
 	# Bail out if directories we need are not there
 	if [ ! -d /target/sbin ] || [ ! -d /target/usr/sbin ] || \
@@ -55,7 +64,7 @@ EOF
 	chmod a+rx /target/usr/sbin/policy-rc.d
 	
 	if [ -e /target/sbin/start-stop-daemon ]; then
-		mv /target/sbin/start-stop-daemon /target/sbin/start-stop-daemon.REAL
+		divert /sbin/start-stop-daemon
 	fi
 	cat > /target/sbin/start-stop-daemon <<EOF
 #!/bin/sh
@@ -67,7 +76,7 @@ EOF
 	
 	# If Upstart is in use, add a dummy initctl to stop it starting jobs.
 	if [ -x /target/sbin/initctl ]; then
-		mv /target/sbin/initctl /target/sbin/initctl.REAL
+		divert /sbin/initctl
 		cat > /target/sbin/initctl <<EOF
 #!/bin/sh
 echo 1>&2
@@ -165,9 +174,9 @@ EOF
 
 chroot_cleanup () {
 	rm -f /target/usr/sbin/policy-rc.d
-	mv /target/sbin/start-stop-daemon.REAL /target/sbin/start-stop-daemon
+	undivert /sbin/start-stop-daemon
 	if [ -x /target/sbin/initctl.REAL ]; then
-		mv /target/sbin/initctl.REAL /target/sbin/initctl
+		undivert /sbin/initctl
 	fi
 
 	# Undo the mounts done by the packages during installation.
@@ -188,9 +197,9 @@ chroot_cleanup () {
 # Variant of chroot_cleanup that only cleans up chroot_setup's mounts.
 chroot_cleanup_localmounts () {
 	rm -f /target/usr/sbin/policy-rc.d
-	mv /target/sbin/start-stop-daemon.REAL /target/sbin/start-stop-daemon
+	undivert /sbin/start-stop-daemon
 	if [ -x /target/sbin/initctl.REAL ]; then
-		mv /target/sbin/initctl.REAL /target/sbin/initctl
+		undivert /sbin/initctl
 	fi
 
 	# Undo the mounts done by the packages during installation.

-- 
Colin Watson                                       [cjwatson@ubuntu.com]

--- End Message ---

--- Begin Message ---

To: 654580-close@bugs.debian.org
Subject: Bug#654580: fixed in debian-installer-utils 1.88
From: Colin Watson <cjwatson@debian.org>
Date: Wed, 04 Jan 2012 14:47:59 +0000
Message-id: <E1RiS8F-0002hB-5c@franck.debian.org>

Source: debian-installer-utils
Source-Version: 1.88

We believe that the bug you reported is fixed in the latest version of
debian-installer-utils, which is due to be installed in the Debian FTP archive:

debian-installer-utils_1.88.dsc
  to main/d/debian-installer-utils/debian-installer-utils_1.88.dsc
debian-installer-utils_1.88.tar.gz
  to main/d/debian-installer-utils/debian-installer-utils_1.88.tar.gz
di-utils-exit-installer_1.88_all.udeb
  to main/d/debian-installer-utils/di-utils-exit-installer_1.88_all.udeb
di-utils-mapdevfs_1.88_i386.udeb
  to main/d/debian-installer-utils/di-utils-mapdevfs_1.88_i386.udeb
di-utils-reboot_1.88_all.udeb
  to main/d/debian-installer-utils/di-utils-reboot_1.88_all.udeb
di-utils-shell_1.88_all.udeb
  to main/d/debian-installer-utils/di-utils-shell_1.88_all.udeb
di-utils-terminfo_1.88_i386.udeb
  to main/d/debian-installer-utils/di-utils-terminfo_1.88_i386.udeb
di-utils_1.88_i386.udeb
  to main/d/debian-installer-utils/di-utils_1.88_i386.udeb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 654580@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated debian-installer-utils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 04 Jan 2012 13:37:09 +0000
Source: debian-installer-utils
Binary: di-utils-shell di-utils-reboot di-utils-exit-installer di-utils di-utils-mapdevfs di-utils-terminfo
Architecture: source all i386
Version: 1.88
Distribution: unstable
Urgency: low
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 di-utils   - Miscellaneous utilities for the debian installer (udeb)
 di-utils-exit-installer - Exit installer (udeb)
 di-utils-mapdevfs - mapdevfs utility for the debian installer (udeb)
 di-utils-reboot - Reboot (udeb)
 di-utils-shell - Execute a shell (udeb)
 di-utils-terminfo - Terminfo entries needed by newt/slang in debian installer (udeb)
Closes: 654580
Changes: 
 debian-installer-utils (1.88) unstable; urgency=low
 .
   [ Colin Watson ]
   * chroot_setup.sh: Divert start-stop-daemon and initctl rather than simply
     moving them aside (closes: #654580).
 .
   [ Updated translations ]
   * Icelandic (is.po) by Sveinn í Felli
   * Kannada (kn.po) by Prabodh C P
Checksums-Sha1: 
 a550c05ce0a9016d0e3c3e7e48d142b2228cfa15 2180 debian-installer-utils_1.88.dsc
 18511c917b7d3b3c64a65841402ac93d16b3ab04 108518 debian-installer-utils_1.88.tar.gz
 235d3f3c150768cd84c3f78ce80fcdbfa5dcdcbf 21306 di-utils-shell_1.88_all.udeb
 b6c53f5a5d91468eb88cbf08cee95373f7d40d5d 9642 di-utils-reboot_1.88_all.udeb
 4232518c774a3f71e2a1eb066bf9e7cabbb04ce5 2714 di-utils-exit-installer_1.88_all.udeb
 82d7ee7ebe4d544220ebc9b7ea2e9d289c4aab6e 32464 di-utils_1.88_i386.udeb
 e6d1f708233435166bc7542a092a7f043228357e 2354 di-utils-mapdevfs_1.88_i386.udeb
 2e27e397e57db4823bc43a30ac25a32964f47ce8 2500 di-utils-terminfo_1.88_i386.udeb
Checksums-Sha256: 
 493eb0bcf39575f92e7c791e38bf420a48e8aff209d5ab677d8d08244076de44 2180 debian-installer-utils_1.88.dsc
 6ba51af159d50da37cbfa985ab3fe8727474533358b8bd0d1197fc96ecf271c1 108518 debian-installer-utils_1.88.tar.gz
 de4e8387a41c83fb3f7549d445df665f2ffcd429765fee9e5be80e9512ecc858 21306 di-utils-shell_1.88_all.udeb
 58db32f03c420f06138e697d1fb90931017e6191879e5c496cb546c146164683 9642 di-utils-reboot_1.88_all.udeb
 9ae199c6fa4feef49d328d5d6570585d7e30665ab356392cd8bc6d2969baffd8 2714 di-utils-exit-installer_1.88_all.udeb
 49c5e768315d81fe7df0492e4ae6b12df205fb48d93511bfb19d918d44c04df5 32464 di-utils_1.88_i386.udeb
 970aae72a0562312c9254770603509363d28adf5e7f393264feb75aab32dcf35 2354 di-utils-mapdevfs_1.88_i386.udeb
 dbc53e2416639668dc5dfb89aad50f720b55b43c7befc1427d1aeb910efc9364 2500 di-utils-terminfo_1.88_i386.udeb
Files: 
 71a346dc613d2185639a041a07f0b352 2180 debian-installer standard debian-installer-utils_1.88.dsc
 607206a0fecc35dbdf2b17439ee46c16 108518 debian-installer standard debian-installer-utils_1.88.tar.gz
 39be60dae7c1d6753d40517048b886fe 21306 debian-installer standard di-utils-shell_1.88_all.udeb
 9514420677db24bd5a237c4806ee6942 9642 debian-installer standard di-utils-reboot_1.88_all.udeb
 b6743ab0d51db718e8bf9394f210d06c 2714 debian-installer extra di-utils-exit-installer_1.88_all.udeb
 ffda79be52d2f59d3625d3f9253a9f0c 32464 debian-installer standard di-utils_1.88_i386.udeb
 11ea3d9412a728bf36758ffbb1791ab4 2354 debian-installer standard di-utils-mapdevfs_1.88_i386.udeb
 3572c71fb304ede837f16f314719bbc9 2500 debian-installer standard di-utils-terminfo_1.88_i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iQIVAwUBTwRbEDk1h9l9hlALAQgcJw//RMqxx4fQx2cCNnwdZttsN64UDkThp2PO
oXgLXRP/1r/eD7lbUBrhyZyb4h+hIe+w6Q8+82Y46L4/Vfsz8Jvs5Ab+6R0Us6ue
lDpRmJwKpu+waZJ5yp9YlpJDWVDPT2H+jJaWwrv04PMXe0T61CettSSKHcQTL8MG
Nt4r6YYNgrJrxgX/ti73coBZ2OWad7ogWw+cu3wuX55iyGevZgP9wIZP6B3fX2GZ
9YRgpnSo2+GpQ/F9NK2gO1OhYRtBSZzJXalWyXXSmlEJkCUcfAOtQ4GH278Fv5At
Jbf0RZPm7J8BQ2fKnGIphbFpTeSUTepTIcJofh+LZWcSxmClqot4j6rPZzKzdOHc
tyZmhely1qmbbFEZ3MaDGud5KKWiyFzTBrVa7Mz5SxbD8Qzum6sUCvV0O0T+QDFv
SQypBaVK7PYSY6xSiPymeDhaPMrkIXIQ/5f24F+Hx8WL0kl+/3Man2p4W9PRJ/1A
gtqH28ugpeYTSuCR3NU1CUpdfWWk/iZyp8A3EOJQNkZWd4ss2vmGXysCXDzaf8px
pWriL7+M40QK/XWk9zTYwnU6p+crK2CSzOHDwlZNVghUpamVpeHiVqLZbWu/C42m
I8oQVca2yApclHf5GqT+NzX5PV5VRRQvixZlLGphp/I6XGnMTEwZedKn/emS1VPb
A324xmXPWl4=
=CzCV
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

References:
- Bug#654580: di-utils: needs to divert start-stop-daemon and initctl rather than simply moving them
  - From: Colin Watson <cjwatson@ubuntu.com>

Prev by Date: Processing of debian-installer-utils_1.88_i386.changes
Next by Date: debian-installer-utils_1.88_i386.changes ACCEPTED into unstable
Previous by thread: Bug#654580: di-utils: needs to divert start-stop-daemon and initctl rather than simply moving them
Next by thread: Processing of debian-installer-utils_1.88_i386.changes
Index(es):
- Date
- Thread