Re: systemd CVE-2016-7796

[Brian May <bam@debian.org>]

Ben Hutchings <ben@decadent.org.uk> writes:

> 2. Fix for CVE-2016-7796

Has undefined reference to IN_SET.

I am guessing I don't need this part of the patch, right?

-                        if (errno == EAGAIN || errno == EINTR)
+                        if (!IN_SET(errno, EAGAIN, EINTR))

> 4. pid1-process-zero-length-notification-messages-again.patch

Just some comments on this patch.

It looks like this patch does three things

* It removes "assert(n > 0)".

* It removes the now unused n parameter from the
  manager_invoke_notify_message() function.

* It removes the return(0) if n==0. This looks like the only relevant part.

For the first two changes, it looks like the
manager_invoke_notify_message() function and hence the assert was only
introduced in systemd in the following commit, before tag v209. This was
not in the wheezy version, so I don't think these parts are required.


https://github.com/systemd/systemd/commit/5ba6985b6c8ef85a8bcfeb1b65239c863436e75b

commit 5ba6985b6c8ef85a8bcfeb1b65239c863436e75b
Author: Lennart Poettering <lennart@poettering.net>
Date:   Fri Feb 7 11:58:25 2014 +0100

    core: allow PIDs to be watched by two units at the same time
    
    In some cases it is interesting to map a PID to two units at the same
    time. For example, when a user logs in via a getty, which is reexeced to
    /sbin/login that binary will be explicitly referenced as main pid of the
    getty service, as well as implicitly referenced as part of the session
    scope.

-- 
Brian May <bam@debian.org>