Package: dpkg
Hi,
start-stop-daemon should not follow symlinks:
# ls -l /etc/shadow /var/run/foo.pid
-rw-r----- 1 root shadow 662 Apr 10 12:20 /etc/shadow
lrwxrwxrwx 1 nobody nogroup 11 Jun 4 06:00 /var/run/foo.pid -> /etc/shadow
# start-stop-daemon --start --verbose --make-pidfile --pidfile
/var/run/foo.pid --exec /bin/true
Starting /bin/true...
# ls -l /etc/shadow /var/run/foo.pid
-rw-r----- 1 root shadow 6 Jun 4 07:32 /etc/shadow
lrwxrwxrwx 1 nobody nogroup 11 Jun 4 06:00 /var/run/foo.pid -> /etc/shadow
I attached an untested (a configure script would ease testing patches)
patch to fix this. The patch uses O_NOFOLLOW which specified in POSIX
2008 and in Sid it is defined without any additional magic. In Squeeze
one needs to define _GNU_SOURCE to be able to use O_NOFOLLOW.
Carsten
>From e181963ad7653f6a73bc84e273654c530d998210 Mon Sep 17 00:00:00 2001
From: Carsten Hey <cars...@debian.org>
Date: Mon, 4 Jun 2012 09:27:01 +0200
Subject: [PATCH] s-s-d: Do not follow symlinks when creating pidfiles
---
utils/start-stop-daemon.c | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletions(-)
diff --git a/utils/start-stop-daemon.c b/utils/start-stop-daemon.c
index ad55097..e2569a4 100644
--- a/utils/start-stop-daemon.c
+++ b/utils/start-stop-daemon.c
@@ -377,8 +377,14 @@ static void
write_pidfile(const char *filename, pid_t pid)
{
FILE *fp;
+ int fd;
+
+ fd = open(filename, O_CREAT | O_WRONLY | O_TRUNC | O_NOFOLLOW, 0644);
+ if (fd == -1)
+ fp = NULL;
+ else
+ fp = fdopen(fd, "w");
- fp = fopen(filename, "w");
if (fp == NULL)
fatal("unable to open pidfile '%s' for writing", filename);
--
1.7.2.5
