Bug#144484: start-stop-daemon bad chroot handling

To: submit@bugs.debian.org
Subject: Bug#144484: start-stop-daemon bad chroot handling
From: Farago Janos <fari@andrews.hu>
Date: Thu, 25 Apr 2002 12:10:57 +0200
Message-id: <[🔎] 20020425121057.C24674@andrews.hu>
Reply-to: Farago Janos <fari@andrews.hu>, 144484@bugs.debian.org

Package: dpkg
Version: 1.9.20

Hi,

in start-stop-daemon the chroot handling has a litlle bug (can't stop process). 
It checks executable file and pid file in main filesystem not under jail:

execve("/sbin/start-stop-daemon", ["start-stop-daemon", "--chroot","/usr/local/ldap_jail", "--start", "-v",
+"--pidfile", "/var/run/slapd.pid", "--exec", "/usr/sbin/slapd"], [/* 31 vars */]) = 0
...
>>>>we are in main filesystem not in jail!
stat64("/usr/sbin/slapd", {st_mode=S_IFREG|0755, st_size=400216, ...}) = 0
...
>>>>we are in main filesystem not in jail!
open("/var/run/slapd.pid", O_RDONLY)    = -1 ENOENT (No such file or directory)
...
chroot("/usr/local/ldap_jail")          = 0
>>>>we are now in jail!
...

Fari

-------------------------------------------------------------------------------

Here is a little patch to solve this problem

--- ./start-stop-daemon.c.Orig	Mon May 14 00:01:28 2001
+++ ./start-stop-daemon.c	Wed Apr 24 00:50:27 2002
@@ -101,7 +101,7 @@
 static const char *cmdname = NULL;
 static char *execname = NULL;
 static char *startas = NULL;
-static const char *pidfile = NULL;
+static char *pidfile = NULL;
 static char what_stop[1024];
 static const char *schedule_str = NULL;
 static const char *progname = "";
@@ -1039,12 +1039,30 @@
 int
 main(int argc, char **argv)
 {
+	char	*orig_execname;
+	char	*orig_pidfile;
+
 	progname = argv[0];
 
 	parse_options(argc, argv);
 	argc -= optind;
 	argv += optind;
 
+	orig_execname = execname;
+	orig_pidfile = pidfile;
+	if (changeroot != NULL)	{
+		if (execname != NULL) {
+			execname = xmalloc(strlen(changeroot)+strlen(execname)+1);
+			strcat(execname, changeroot);
+			strcat(execname, orig_execname);
+		}
+		if (pidfile != NULL) {
+			pidfile = xmalloc(strlen(changeroot)+strlen(pidfile)+1);
+			strcat(pidfile, changeroot);
+			strcat(pidfile, orig_pidfile);
+		}
+	}
+
 	if (execname && stat(execname, &exec_stat))
 		fatal("stat %s: %s", execname, strerror(errno));
 
@@ -1114,6 +1132,16 @@
 		if (chroot(changeroot) < 0)
 			fatal("Unable to chroot() to %s", changeroot);
 	}
+
+	if (pidfile != orig_pidfile) {
+	    	free(pidfile);
+		pidfile = orig_pidfile;
+	}
+	if (execname != orig_execname) {
+	    	free(execname);
+		execname = orig_execname;
+	}
+	
 	if (changeuser != NULL) {
  		if (setgid(runas_gid))
  			fatal("Unable to set gid to %d", runas_gid);

Attachment: pgpewbj7GEQvW.pgp
Description: PGP signature

Reply to:

Prev by Date: Bug#142324: ER] Should add homepage URL in package description
Next by Date: Bug#142324: ER] Should add homepage URL in package description
Previous by thread: Bug#143302: What's happening with this bug?
Next by thread: Bug#144515: dpkg --print-architecture on i386 sometimes prints i386-none
Index(es):
- Date
- Thread