[Pkg-nagios-devel] Bug#465530: Bug#465530: Bug#465530: nagios-plugins 1.4-6sarge1 lacks check_procs
sean finney
seanius at debian.org
Wed Feb 13 19:15:29 UTC 2008
On Wednesday 13 February 2008 07:54:04 pm Luk Claes wrote:
> sean finney wrote:
> > hi everyone,
>
> Hi
>
> > okay, it looks like the problem was that the person who did the security
> > upload built the package in a sarge chroot without /proc mounted (i can
> > duplicate the problem unmounting /proc in my pbuilder chroot).
> >
> > so, my question is what are the next steps? can the security team just
> > trigger a rebuild/binNMU, or do we need another sourceful upload? if so
> > should i provide an update in debian/rules that checks for /proc to be
> > mounted just in case this happens again?
> I think I can schedule binNMUs now though the buildds have to have proc
> mounted beforehand or the one signing has to be careful enough not to
> sign if it's not yet fixed with the binNMU.
>
> So I guess that's up to the Security Team to decide.
i don't think this was a problem on any of the buildds this time around,
though someone ought to do a dpkg-deb --contents foo.deb | grep check_procs
on the debs "just to make sure"... or alternatively i could copy the check
from debian/rules in etch for a new upload. i'll go with whatever the
security peeps say.
> You do check for a mounted proc in the unstable/testing/experimental
> version, right? I kind of remember seeing it as the check fails even if
> there is a proc mounted from outside the chroot...
the etch and lenny/sid versions both have explicit checks for a mounted /proc
in debian/rules (test -d /proc/1), yes.
sean
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/pkg-nagios-devel/attachments/20080213/812a8310/attachment.pgp
More information about the Pkg-nagios-devel
mailing list