[pkg-bacula-devel] Bug#953030: bacula-sd.postinst fails on systems with protected_regular=2 enabled

Robie Basak robie.basak at ubuntu.com
Tue Mar 3 15:10:37 GMT 2020


Package: bacula-sd
Version: 9.4.4-2
Tags: patch
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu focal ubuntu-patch

Hi,

bacula-sd.postinst currently uses mktemp, chowns to bacula.bacula, and
then attempts to write to the temporary file using a shell redirection.

If a system has /proc/sys/fs/protected_regular set to 2, then this
fails[1].

While what is being done might be safe in this particular case, writing
to a file in /tmp not owned by the writing user is in principle unsafe,
and so it is blocked. In Ubuntu we are moving to protected_regular=2 and
so for us a build of this package becomes uninstallable[2].

Please consider applying the attached patch, which simply rearranges the
postinst to change file ownership after writing the file. This prevents
the protection from being tripped.

Thanks,

Robie

[1] https://www.kernel.org/doc/Documentation/sysctl/fs.txt
[2] https://lists.ubuntu.com/archives/ubuntu-devel/2020-February/040904.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-d-bacula-sd.postinst-change-temporary-file-ownership.patch
Type: text/x-diff
Size: 1138 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-bacula-devel/attachments/20200303/48d33e6c/attachment.patch>
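
An added example, not part of the original message or the attached patch: a heuristic lint that flags a shell script which chowns a mktemp file and only afterwards writes to it through a redirection, the ordering the report describes. The function names and both sample scripts are constructed for illustration and are not taken from bacula-sd.postinst.

```shell
#!/bin/sh
# Added example; heuristic only (line-based, no real shell parsing).

# lint_chown_before_write [FILE...]   (reads stdin when no file is given)
# Prints one line per finding and returns 1 if anything was found.
lint_chown_before_write() {
    awk '
    # True when pat occurs in s and is not followed by another name character,
    # so $TMP does not match inside $TMPDIR.
    function has(s, pat,    p, c) {
        p = index(s, pat); if (!p) return 0
        c = substr(s, p + length(pat), 1)
        return (c !~ /[A-Za-z0-9_]/)
    }
    # Track variables assigned from mktemp: VAR=$(mktemp ...) or VAR=`mktemp ...`
    match($0, /[A-Za-z_][A-Za-z0-9_]*="?(\$\(|`)mktemp/) {
        v = substr($0, RSTART, RLENGTH); sub(/=.*/, "", v)
        tmp[v] = 1; chowned[v] = 0; next
    }
    {
        s = $0; gsub(/[ \t"{}]/, "", s)   # normalise: > "${T}" becomes >$T
        for (v in tmp) {
            if (s ~ /(^|[;&|])chown/ && has(s, "$" v))
                chowned[v] = NR           # ownership handed away here
            else if (chowned[v] && has(s, ">$" v)) {
                printf "%d: $%s written after chown on line %d\n", NR, v, chowned[v]
                found = 1
            }
        }
    }
    END { exit found + 0 }
    ' "$@"
}

# Constructed sample: chown first, then write (the ordering that fails
# when fs.protected_regular=2 and the file lives in /tmp).
sample_before() {
    printf '%s\n' 'TMP=$(mktemp)' 'chown bacula:bacula "$TMP"' \
                  'sed s/x/y/ /etc/in > "$TMP"'
}

# Constructed sample: write first, then chown (the reordering the report asks for).
sample_after() {
    printf '%s\n' 'TMP=$(mktemp)' 'sed s/x/y/ /etc/in > "$TMP"' \
                  'chown bacula:bacula "$TMP"'
}

sample_before | lint_chown_before_write || true
```
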