[pkg-bacula-devel] Upload

Sven Hartge sven at svenhartge.de
Thu Oct 26 21:48:45 UTC 2017


Um 23:20 Uhr am 26.10.17 schrieb Sven Hartge:

> Only the sysv-init case is/maybe vulnerable, because start-stop-daemon 
> uses the PID file to decide what to kill. (Does it really? Doesn't it 
> check if the PID in the PID file really does belong to a process 
> originating the the $DAEMON binary?)

Code from the sysv-init script:

do_stop()
{
        start-stop-daemon --oknodo --stop --quiet --pidfile $PIDFILE \
                --retry TERM/30/KILL/5 --name `basename $DAEMON`
}

We check the PID from the PID file and we match the process name. We could
use --exec to check if the process from the PID file is really an instance
of the executable.

But even right now, changing the PID inside the PID file to anything
other than a process with the name "bacula-dir" won't cause any harm.

Considering this, I think we should scrap the whole changeset and keep the
previous version.

Maybe adding "--exed $DAEMON" to the do_stop() case.

Grüße,
Sven.




More information about the pkg-bacula-devel mailing list