Bug#865730: marked as done (popularity-contest: Checking /proc/*/maps seems to be ineffective)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Mon, 30 Mar 2020 21:03:29 +0000
with message-id <E1jJ1ZB-00070i-DB@fasolo.debian.org>
and subject line Bug#865730: fixed in popularity-contest 1.70
has caused the Debian Bug report #865730,
regarding popularity-contest: Checking /proc/*/maps seems to be ineffective
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
865730: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865730
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: popularity-contest: Checking /proc/*/maps seems to be ineffective
• From: Robert Luberda <robert@debian.org>
• Date: Sat, 24 Jun 2017 12:15:33 +0200
• Message-id: <20170624101533.ptvlxu5wducgodxi@vox.robbo.home>

Package: popularity-contest
Version: 1.65
Severity: normal

popularity-contest has some code to scan /proc/*/maps files to check
for currently used programs. However popularity-contest itself is
usually run from the cron job as the nobody user, who does not have
permission to read those /proc/*/maps files...

I think that either the support for reading the maps files should be
dropped or popularity-contest should be run as root (BTW. it would make
sense to run popcon-upload as nobody instead of root), however the
second option would change the contents of the reports, because 
currently for some reason  the multi-arch libs are ignored via the 
"! m{/lib/.+-.+-.+/}" (which BTW. does not work on hurd-i386),
except for files coming from /proc/*/maps. This causes most library
packages to be reported as `no-files' except for libperl5.24 used
by the popularity-contest process itself, e.g. my recent log file
contains:

  1497960000 1496534400 libperl5.24 /usr/lib/x86_64-linux-gnu/perl/5.24.1/auto/File/Glob/Glob.so

Running popularity-contest as root would cause more *.so files to be
reported because of the /proc/*/maps, for example libcap2 would be
sent as:
  1498262400 1490616000 libcap2 /lib/x86_64-linux-gnu/libcap.so.2.25
instead of :
  0 0 libcap2 <NOFILES>
(Most probably similar result would be possible to gain even when
running as nobody if the exclusion of files matching to multi-lib pattern 
is removed).

Regards,
robert

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (990, 'unstable'), (990, 'testing'), (990, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8), LANGUAGE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages popularity-contest depends on:
ii  debconf [debconf-2.0]  1.5.61
ii  dpkg                   1.18.24

Versions of packages popularity-contest recommends:
ii  cron [cron-daemon]              3.0pl1-128+b1
ii  gnupg                           2.1.18-8
ii  postfix [mail-transport-agent]  3.2.2-1

Versions of packages popularity-contest suggests:
ii  anacron  2.3-24

-- debconf information excluded

--- End Message ---

--- Begin Message ---

• To: 865730-close@bugs.debian.org
• Subject: Bug#865730: fixed in popularity-contest 1.70
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Mon, 30 Mar 2020 21:03:29 +0000
• Message-id: <E1jJ1ZB-00070i-DB@fasolo.debian.org>
• Reply-to: Bill Allombert <ballombe@debian.org>

Source: popularity-contest
Source-Version: 1.70
Done: Bill Allombert <ballombe@debian.org>

We believe that the bug you reported is fixed in the latest version of
popularity-contest, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 865730@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bill Allombert <ballombe@debian.org> (supplier of updated popularity-contest package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 30 Mar 2020 19:47:56 +0200
Source: popularity-contest
Architecture: source
Version: 1.70
Distribution: unstable
Urgency: low
Maintainer: Popularity Contest Developers <debian-popcon@lists.debian.org>
Changed-By: Bill Allombert <ballombe@debian.org>
Closes: 865730 930446
Changes:
 popularity-contest (1.70) unstable; urgency=low
 .
   * debian-popcon.gpg: use new submission key
   * debian/cron.daily:
     - fix reporting logic to avoid double submissions.  Closes: #930446
     - store last successful http submission timestamp in
       /var/lib/popularity-contest/lastsub.
     - run 'popularity-contest --su-nobody' as root. This allows
       popcon to read the configuration file and /proc/*/maps files.
       Closes: #865730. Thanks Robert Luberda.
     - rename /var/log/popularity-contest.new.gpg to
              /var/log/popularity-contest.gpg
   * debian/control:
     - Updated Standards-Version from 4.4.0 to 4.5.0.  No change needed.
     - Build-Depends on debhelper-compat (=12)
   * debian/compat: removed
   * Update example server-side scripts to popcon.d.o version:
     - popanal.py: bump stable version to 1.67
     - popcon.pl: update URL from Alioth to Salsa
   * popularity-contest:
     - add private option --su-nobody to drop privileges after reading
       the configuration file and /proc.
   * examples/bin/popanal3.py:
     - Python 3 version of popanal.py (experimental), will replace popanal.py
Checksums-Sha1:
 f3fa5c385cea4b24a26938dfd9ac08bab5b28825 1731 popularity-contest_1.70.dsc
 c484771485b29f1d64d59c01ba0101347bd155b4 77748 popularity-contest_1.70.tar.xz
 07a1de63175a9bf11a486994b8aef0c10b38d51b 5800 popularity-contest_1.70_source.buildinfo
Checksums-Sha256:
 9cc11b3169350f767129e08bf9abf8b3a6e3290cdf9ab2a4230846c74c665aa0 1731 popularity-contest_1.70.dsc
 b1b399e1c89d2fbc79ad7a699cce59721494b8020d77a904fa5ba332d905fae4 77748 popularity-contest_1.70.tar.xz
 5883cf1fa15e0ed39354f8b571cd25babed978f365f5fd6531a72891c00a2e22 5800 popularity-contest_1.70_source.buildinfo
Files:
 a15bebcb72a334aa568a70839f035b32 1731 misc optional popularity-contest_1.70.dsc
 c1dff74f6f91b293ddf7f66e6d666295 77748 misc optional popularity-contest_1.70.tar.xz
 a628bdd5e00d85f6138eb013607b1241 5800 misc optional popularity-contest_1.70_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEQgKOpASi6dgKxFMUjw58K0Ui44cFAl6CVaYACgkQjw58K0Ui
44eUpBAAi615dw0FIqCL5VIdQuB5CFxTtXGIvBlAxrAmvIqp0NAnLnkpe1InR07I
wGHMpUW97i15/AQ8XANrQOKqDmGmP3yT4inMvdJyYOPVFHQyBsrd0zByK8NK5o5W
B+LsKeihftsVlJBMZuBA1DN9iplT93yrzsXUAN0EBkOdc9RgnBnU2uHhImAflFbn
W9MW3MQbgD6X+WUDrrSAxv7DbpDTmFjk52jW5JasFRC5tELcxRdOR4NyoC4lJiBB
2q5HmZqnAtg/9vChBGpu1raAMtvMPrqvg71Bd+DZHXPkP7dNQm402y51JLIFUJFp
SCOrABXJuxDUJIz8IPO60P0xoFNZfaV4ZZ630VxWlj3cuTUGrjh9A2vYVnr4I+WZ
JN1pk0HtWzqjLKS6OnjaDrLzlv4Fyfp9yPyJzZOaz3fQWCUfXvVDBsLRB1NCzme5
LS08aBWMfWPoirNFLHHb7OVYiObkvMGif7g0sKwQeKmWY0Ti+tHxpKytqTncYS1Y
I5/pa13H3KkWEXZUTCOc8ZozlZZMKwYSBCMb38nzLBaR+TJ12T+BXTxmuyecekJR
MN9rHJjMpJPep/F0MnMqm7UW5c412rw5KFNc5kJwhfLAgGgAaBwKOL7UTDwfteRh
4awTM+TjKRHkT3tl4BdWYceCLsyqVL66pZs745L1cVkXoS5czUY=
=vJLM
-----END PGP SIGNATURE-----

--- End Message ---