Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: pu
Tags: buster
Severity: normal

Dear RT

In buster, ndppd has a world writable pid file. This prevents the daemon from being stopped/restarted, which is a real pain when you set it up.

I would like to backport the fix from testing.

Attached the proposal. Do you think this is ok?

-- System Information:
Debian Release: 10.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

diff -Nru ndppd-0.2.5/debian/changelog ndppd-0.2.5/debian/changelog
--- ndppd-0.2.5/debian/changelog 2018-11-16 17:26:06.000000000 +0100
+++ ndppd-0.2.5/debian/changelog 2019-10-17 10:21:15.000000000 +0200
@@ -1,3 +1,12 @@
+ndppd (0.2.5-4+deb10u1) buster; urgency=medium
+
+ * Patch to avoid word writable pid file, that was breaking daemon init
+ scripts. (Closes: #942117)
+ * postinst script fixing pid file permissions for pre 0.2.5-4+deb10u1
+ running daemons.
+
+ -- Jean-Michel Vourgère <nirgal@debian.org> Thu, 17 Oct 2019 10:21:15 +0200
+
ndppd (0.2.5-4) unstable; urgency=medium
* Migrated vcs to salsa.
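Review bot: Typo in the first bullet of the new changelog entry: "word writable pid file" should read "world writable pid file". Since this text ends up in the stable point release announcement and in the bug closure mail for #942117, it is worth correcting before upload.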
diff -Nru ndppd-0.2.5/debian/patches/pid_perms ndppd-0.2.5/debian/patches/pid_perms
--- ndppd-0.2.5/debian/patches/pid_perms 1970-01-01 01:00:00.000000000 +0100
+++ ndppd-0.2.5/debian/patches/pid_perms 2019-10-16 22:48:06.000000000 +0200
@@ -0,0 +1,28 @@
+Description: Umask pid file permissions
+ Pid file was created with default 666 permissions. This causes security
+ issues when trying to stop the process. init stopped working because
+ start-stop-daemon(8) refuses to handle these nasty permissions, since dpkg
+ version 1.19.3.
+Author: Jean-Michel Vourgère <nirgal@debian.org>
+Bug-Debian: https://bugs.debian.org/942117
+Bug: https://github.com/DanielAdolfsson/ndppd/issues/56
+Forwarded: yes
+Last-Update: 2019-10-12
+
+Index: ndppd-0.2.5/src/ndppd.cc
+===================================================================
+--- ndppd-0.2.5.orig/src/ndppd.cc
++++ ndppd-0.2.5/src/ndppd.cc
+@@ -274,10 +274,12 @@ int main(int argc, char* argv[], char* e
+ return -1;
+
+ if (!pidfile.empty()) {
++ mode_t old_umask = umask(022);
+ std::ofstream pf;
+ pf.open(pidfile.c_str(), std::ios::out | std::ios::trunc);
+ pf << getpid() << std::endl;
+ pf.close();
++ umask(old_umask);
+ }
+
+ // Time stuff.
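Review bot: umask(022) only has an effect when pf.open() actually creates the file; because the open uses std::ios::trunc, a pidfile that already exists keeps whatever mode it had, so a leftover 0666 file stays world writable when the patched daemon is restarted over it. Consider removing the file before the open, or setting the mode explicitly afterwards with chmod(pidfile.c_str(), 0644), so the result does not depend on the postinst having run. The result of pf.open() is also not checked before the PID is written, and the hunk adds no #include, so please confirm that <sys/stat.h> (for umask() and mode_t) is already pulled in by ndppd.cc.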
diff -Nru ndppd-0.2.5/debian/patches/series ndppd-0.2.5/debian/patches/series
--- ndppd-0.2.5/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ ndppd-0.2.5/debian/patches/series 2019-10-16 22:48:06.000000000 +0200
@@ -0,0 +1 @@
+pid_perms
diff -Nru ndppd-0.2.5/debian/postinst ndppd-0.2.5/debian/postinst
--- ndppd-0.2.5/debian/postinst 1970-01-01 01:00:00.000000000 +0100
+++ ndppd-0.2.5/debian/postinst 2019-10-17 10:19:32.000000000 +0200
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+ configure)
+ if [ -n "$2" ] && dpkg --compare-versions "$2" lt-nl 0.2.5-4+deb10u1
+ then
+ # Buster version can't be stopped. See #942117
+ if [ -f /var/run/ndppd.pid ]
+ then
+ chmod 644 /var/run/ndppd.pid
+ fi
+ fi
+ ;;
+esac
+
+#DEBHELPER#
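Review bot: The chmod 644 /var/run/ndppd.pid in the configure branch repairs the mode but not the contents: while the file was 0666 any local user could have rewritten it, so the PID it holds is not trustworthy at the point where the init script next uses it to stop the daemon. It would be safer to check that the recorded PID really belongs to an ndppd process before keeping the file, and to drop the file otherwise. The path is also hardcoded here while the daemon takes its pidfile location from a variable (pidfile in the ndppd.cc hunk), so a comment stating that this matches the path used by the packaged init script would help.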