Control: tags -1 pending On 13 February 2014 21:18, Helmut Grohne <hel...@subdivi.de> wrote: > Control: retitle -1 initscripts: Skip killing root-owned process starting > with @ > > On Thu, Feb 13, 2014 at 08:58:33PM +0000, Dimitri John Ledkov wrote: >> How about limiting it to processes running as root? >> >> E.g. pgrep -u root -f "^@" ? >> >> That way there is no loop-hole opened, since those processes could >> have written to /run/sendsigs.omit.d/ already. > > I concur with this remedy. Can you update your patch or remove the patch > tag? >
Updated patch, pushed to master. Tagging pending. >> Writing out a pidfile (and or otherwise copying them around is ok) but >> it is debian [derivative] specific as far as I can tell. >> Where is "@" convention is supported by a larger amount of >> distributions and other initsystems (e.g. systemd). >> ( http://www.freedesktop.org/wiki/Software/systemd/RootStorageDaemons/ ) >> Writing out a pid-file should be avoided, especially since that is >> optional across all init systems and un-desirable for newer ones. >> Also, processes could be started off-root (e.g. initramfs) and/or >> otherwise not hold-up unmounting root. >> Thus I find "@" convention useful and lightweight self-identification. > > Thanks for pointing out the rationale and documentation. Did you notice > that the referenced documentation explicitly restricts the technique to > root-owned processes? > Yes, yes, yes I did *cough* =) > Thanks for not introducing a security issue. :) > Thanks a lot for the review! -- Regards, Dimitri. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
