[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFS: tleds 1.05beta10-9



On Sat, Aug 27, 2005 at 01:11:42PM -0700, Russ Allbery wrote:
> Russ Allbery <rra@stanford.edu> writes:

> > I've given the package a thorough and much-needed cleaning, applied all
> > the patches in the BTS that looked reasonable and that I could test,
> > updated standards version, switched to a modern debhelper compatibility
> > level, and cleaned up all the lintian warnings and PTS to-do items.
> > Hopefully this will make it easier for any future maintainer to adopt
> > the package.

> > I'd much appreciate it if someone could sponsor the upload.  You can get
> > the source package from:

> >     deb-src http://archives.eyrie.org/debian unstable main

> > or via the corresponding direct paths.

> I've now corrected the PID file handling for non-root users as well,
> fixing the attack pointed out by Steve Langasek.  When tleds -k is run as
> a non-root user, it now checks the file ownership via fstat before doing
> anything and refuses to send a signal if the PID file was not owned by the
> effective user ID of the tleds -k process.  It also no longer closes and
> reopens the PID file while checking to see if the kill was successful,
> uses kill(pid, 0) to check if the process died rather than looking at the
> existence of the PID file, and sleeps for only one second.

> Tested on i386.  New packages are in the location above.  If someone could
> sponsor the upload, I'd appreciate it (assuming everything looks good).

Looks good to me -- uploaded.  Thanks, Russ.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/

Attachment: signature.asc
Description: Digital signature


Reply to: