[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#989025: unblock: micro-evtd/3.4-7



Paul Gevers <elbrus@debian.org> (2021-05-24):
> Control: tags -1 d-i confirmed
> 
> Hi kibi,
> 
> On 24-05-2021 00:42, Ryan Tandy wrote:
> > Please unblock package micro-evtd
> > 
> > [ Reason ]
> > 
> > Fix micro-evtd creating its pid and status files in /var/run with
> > world-writable permissions (#988119).
> > 
> > [ Impact ]
> > 
> > - The pid and status files in /var/run are mode 666, which could be a
> >  potential security issue.
> > - micro-evtd does not stop when asked to with "/etc/init.d/micro-evtd
> >  stop", because start-stop-daemon refuses to use the insecure pid file.
> > - Because of that, the daemon also does not restart on upgrade as it
> >  should, instead the old version remains running.
> > 
> > [ Tests ]
> > 
> > There are no automated tests. I manually tested the install and upgrade
> > cases (testing→unstable).
> > 
> > [ Risks ]
> > 
> > The change should be trivial, but it is possible (if unlikely) that I
> > missed some case where the umask 000 was actually needed.
> > 
> > [ Checklist ]
> >  [✓] all changes are documented in the d/changelog
> >  [✓] I reviewed all changes and I approve them
> >  [✓] attach debdiff against the package in testing
> > 
> > [ Other info ]
> > 
> > The package builds a udeb. I tested an installation using a d-i daily
> > build with the updated package included, and confirmed the corrected
> > file permissions in the d-i environment.
> 
> Your opinion too please.

The code change looks innocent enough, the postinst change doesn't
affect the udeb, and same comment as in #988083 regarding d-i having
been tested by Ryan → please go ahead.


Cheers,
-- 
Cyril Brulebois (kibi@debian.org)            <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant

Attachment: signature.asc
Description: PGP signature


Reply to: