[Pkg-nagios-devel] Bug#465530: Bug#465530: nagios-plugins 1.4-6sarge1 lacks check_procs

Luk Claes luk at debian.org
Wed Feb 13 21:58:36 UTC 2008


sean finney wrote:
> On Wednesday 13 February 2008 07:54:04 pm Luk Claes wrote:
>> sean finney wrote:
>>> hi everyone,
>> Hi
>>
>>> okay, it looks like the problem was that the person who did the security
>>> upload built the package in a sarge chroot without /proc mounted (i can
>>> duplicate the problem unmounting /proc in my pbuilder chroot).
>>>
>>> so, my question is what are the next steps?  can the security team just
>>> trigger a rebuild/binNMU, or do we need another sourceful upload?  if so
>>> should i provide an update in debian/rules that checks for /proc to be
>>> mounted just in case this happens again?
> 
>> I think I can schedule binNMUs now though the buildds have to have proc
>> mounted beforehand or the one signing has to be careful enough not to
>> sign if it's not yet fixed with the binNMU.
>>
>> So I guess that's up to the Security Team to decide.
> 
> i don't think this was a problem on any of the buildds this time around, 
> though someone ought to do a dpkg-deb --contents foo.deb | grep check_procs 
> on the debs "just to make sure"...  or alternatively i could copy the check 
> from debian/rules in etch for a new upload.  i'll go with whatever the 
> security peeps say.

For the etch version check_procs doesn't seem to be included in
nagios-plugins and nagios-plugins-standard, but it's included for
nagios-plugins-basic. For the sarge version it's only missing in the
i386 version.

>> You do check for a mounted proc in the unstable/testing/experimental
>> version, right? I kind of remember seeing it as the check fails even if
>> there is a proc mounted from outside the chroot...
> 
> the etch and lenny/sid versions both have explicit checks for a mounted /proc 
> in debian/rules (test -d /proc/1), yes.

This check indeed fails very reliably on the s390 experimental buildd,
couldn't you check with 'test -d /proc/net' or something like that which
 would work ok?

Cheers

Luk




More information about the Pkg-nagios-devel mailing list