Re: systemd CVE-2016-7796
Ben Hutchings <ben@decadent.org.uk> writes:
> 2. Fix for CVE-2016-7796
Has undefined reference to IN_SET.
I am guessing I don't need this part of the patch, right?
- if (errno == EAGAIN || errno == EINTR)
+ if (!IN_SET(errno, EAGAIN, EINTR))
> 4. pid1-process-zero-length-notification-messages-again.patch
Just some comments on this patch.
It looks like this patch does three things
* It removes "assert(n > 0)".
* It removes the now unused n parameter from the
manager_invoke_notify_message() function.
* It removes the return(0) if n==0. This looks like the only relevant part.
For the first two changes, it looks like the
manager_invoke_notify_message() function and hence the assert was only
introduced in systemd in the following commit, before tag v209. This was
not in the wheezy version, so I don't think these parts are required.
https://github.com/systemd/systemd/commit/5ba6985b6c8ef85a8bcfeb1b65239c863436e75b
commit 5ba6985b6c8ef85a8bcfeb1b65239c863436e75b
Author: Lennart Poettering <lennart@poettering.net>
Date: Fri Feb 7 11:58:25 2014 +0100
core: allow PIDs to be watched by two units at the same time
In some cases it is interesting to map a PID to two units at the same
time. For example, when a user logs in via a getty, which is reexeced to
/sbin/login that binary will be explicitly referenced as main pid of the
getty service, as well as implicitly referenced as part of the session
scope.
--
Brian May <bam@debian.org>
Reply to: