Re: RFS: tleds 1.05beta10-9
Russ Allbery <email@example.com> writes:
> I've given the package a thorough and much-needed cleaning, applied all
> the patches in the BTS that looked reasonable and that I could test,
> updated standards version, switched to a modern debhelper compatibility
> level, and cleaned up all the lintian warnings and PTS to-do items.
> Hopefully this will make it easier for any future maintainer to adopt
> the package.
> I'd much appreciate it if someone could sponsor the upload. You can get
> the source package from:
> deb-src http://archives.eyrie.org/debian unstable main
> or via the corresponding direct paths.

I've now corrected the PID file handling for non-root users as well,
fixing the attack pointed out by Steve Langasek. When tleds -k is run as
a non-root user, it now checks the file ownership via fstat before doing
anything and refuses to send a signal if the PID file was not owned by the
effective user ID of the tleds -k process. It also no longer closes and
reopens the PID file while checking to see if the kill was successful,
uses kill(pid, 0) to check if the process died rather than looking at the
existence of the PID file, and sleeps for only one second.

Tested on i386. New packages are in the location above. If someone could
sponsor the upload, I'd appreciate it (assuming everything looks good).

Russ Allbery (firstname.lastname@example.org) <http://www.eyrie.org/~eagle/>
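
The PID file handling described in the message above, sketched as an added example; this is not the tleds source or the author's patch. The function names, return codes and the SIGTERM choice are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
/* Added example: hypothetical helpers, not code from tleds. */
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Read a PID from path through one descriptor. Returns 0 on success,
 * -1 on I/O or parse failure, -2 if a non-root caller does not own the file. */
int read_pid_checked(const char *path, uid_t euid, pid_t *out)
{
    struct stat st;
    char buf[32], *end;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    /* fstat the descriptor, not the path, so the file checked is the file read. */
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    if (euid != 0 && st.st_uid != euid) {   /* refuse: file owned by someone else */
        close(fd);
        return -2;
    }
    ssize_t n = read(fd, buf, sizeof(buf) - 1);
    close(fd);                              /* closed once; never reopened */
    if (n <= 0)
        return -1;
    buf[n] = '\0';
    long v = strtol(buf, &end, 10);
    if (end == buf || v <= 0)   /* kill() treats 0 and negatives as process groups */
        return -1;
    *out = (pid_t)v;
    return 0;
}

/* Signal the process named in the PID file, sleep one second, then probe with
 * kill(pid, 0). Returns 0 if it is gone, 1 if still present, <0 on refusal/error. */
int stop_daemon(const char *path)
{
    pid_t pid;
    int rc = read_pid_checked(path, geteuid(), &pid);
    if (rc != 0)
        return rc;
    if (kill(pid, SIGTERM) < 0)
        return errno == ESRCH ? 0 : -1;
    sleep(1);
    return (kill(pid, 0) < 0 && errno == ESRCH) ? 0 : 1;
}
```
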