[Pkg-sysvinit-devel] Bug#687410: sysvinit: non-privileged user can cause sysvinit.postinst to fail

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Sep 12 13:22:29 UTC 2012 

Package: sysvinit
Version: 2.88dsf-31
Severity: normal

sysvinit.postinst has the following code:

 PID="$(pidof /sbin/init || true)"
[...]
                        kill -s USR1 "$PID"


But a normal user can cause "pidof /sbin/init" to produce more than
one output, e.g. with "chpst -b /sbin/init cat", or even (hoping for
some sort of race condition) "while true; do /sbin/init; done".

In that case, PID will be set to something like "1 15364", which means
that kill will fail with something like:

(bash):
 kill: 1 15364: arguments must be process or job IDs

(dash):
 kill: Illegal number: 1 23452

both return a non-zero error code, which will cause the maintainer
script to bail due to the "set -e", leaving a very cryptic message for
the upgrade.

It seems like a bad thing for a non-privileged user to be able to deny
the sysadmin the ability to effectively upgrade a package.

using pidof -s doesn't seem to fix things, because that is as likely
to return the non-privileged process ID as the privileged process ID.

If pidof could limit itself to only reporting on processes running as
a given user (the superuser in this case), that might avoid this
situation.

The core of the problem here is that argv[0] is an unreliable source
of information about what the proces actually is, since it is under
the control of the person running the process.

        --dkg

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-3-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages sysvinit depends on:
ii  debianutils     4.3.2
ii  initscripts     2.88dsf-31
ii  libc6           2.13-35
ii  libselinux1     2.1.9-5
ii  libsepol1       2.1.4-3
ii  sysv-rc         2.88dsf-31
ii  sysvinit-utils  2.88dsf-31

sysvinit recommends no packages.

sysvinit suggests no packages.

-- no debconf information

More information about the Pkg-sysvinit-devel mailing list