Paul Gevers <elbrus@debian.org> (2021-05-24): > Control: tags -1 d-i confirmed > > Hi kibi, > > On 24-05-2021 00:42, Ryan Tandy wrote: > > Please unblock package micro-evtd > > > > [ Reason ] > > > > Fix micro-evtd creating its pid and status files in /var/run with > > world-writable permissions (#988119). > > > > [ Impact ] > > > > - The pid and status files in /var/run are mode 666, which could be a > > potential security issue. > > - micro-evtd does not stop when asked to with "/etc/init.d/micro-evtd > > stop", because start-stop-daemon refuses to use the insecure pid file. > > - Because of that, the daemon also does not restart on upgrade as it > > should, instead the old version remains running. > > > > [ Tests ] > > > > There are no automated tests. I manually tested the install and upgrade > > cases (testing→unstable). > > > > [ Risks ] > > > > The change should be trivial, but it is possible (if unlikely) that I > > missed some case where the umask 000 was actually needed. > > > > [ Checklist ] > > [✓] all changes are documented in the d/changelog > > [✓] I reviewed all changes and I approve them > > [✓] attach debdiff against the package in testing > > > > [ Other info ] > > > > The package builds a udeb. I tested an installation using a d-i daily > > build with the updated package included, and confirmed the corrected > > file permissions in the d-i environment. > > Your opinion too please. The code change looks innocent enough, the postinst change doesn't affect the udeb, and same comment as in #988083 regarding d-i having been tested by Ryan → please go ahead. Cheers, -- Cyril Brulebois (kibi@debian.org) <https://debamax.com/> D-I release manager -- Release team member -- Freelance Consultant
Attachment:
signature.asc
Description: PGP signature