Package: xen-tools Version: 4.5-1 Severity: normal Tags: patch
Hello again,
I had an issue with enableStartStopDaemon and disableStartStopDaemon
after the security update of dpkg in June 2014 [1]. The upgrade of the
dpkg package after enableStartStopDaemon was called caused the stub
starter to be overwritten. This resulted in some services being started
in my dom0. Also /sbin/start-stop-daemon was reverted to the version
prior to the security update by disableStartStopDaemon.
I have worked around the issue using dpkg-divert, patch attached. If
you feel this is the wrong way to fix the issue for any reason feel
free to disregard the patch. I am using the patched version since June
and it seems to work fine. If I didn't make a mistake, this approach
should only fail if a "starter" is already dpkg-diverted or the
"${daemonfile}.REAL" file I'm diverting to already exists (which both
shouldn't be the case for a new install).
Sorry for not reporting this earlier, I only remembered it after
reporting the other issue earlier today. Thank you for developing and
maintaining xen-tools!
Regards
Lukas
[1] https://lists.debian.org/debian-security-announce/2014/msg00133.html
diff --git a/hooks/common.sh b/hooks/common.sh
index 02668ec..0c0841e 100755
--- a/hooks/common.sh
+++ b/hooks/common.sh
@@ -272,16 +272,14 @@ disableStartStopDaemon ()
local prefix="$1"
assert "$LINENO" "${prefix}"
for starter in start-stop-daemon initctl; do
- local daemonfile="${prefix}/sbin/${starter}"
+ local daemonfile="/sbin/${starter}"
- if [ -e "${daemonfile}" ]; then
- mv "${daemonfile}" "${daemonfile}.REAL"
- echo '#!/bin/sh' > "${daemonfile}"
- echo "echo \"Warning: Fake ${starter} called, doing nothing\"" >> "${daemonfile}"
+ chroot "${prefix}" dpkg-divert --divert "${daemonfile}.REAL" --local --rename "${daemonfile}"
+ echo '#!/bin/sh' > "${prefix}${daemonfile}"
+ echo "echo \"Warning: Fake ${starter} called, doing nothing\"" >> "${prefix}${daemonfile}"
- chmod 755 "${daemonfile}"
- logMessage "${starter} disabled / made a stub."
- fi
+ chmod 755 "${prefix}${daemonfile}"
+ logMessage "${starter} disabled / made a stub."
done
}
@@ -295,15 +293,14 @@ enableStartStopDaemon ()
local prefix=$1
assert "$LINENO" "${prefix}"
for starter in start-stop-daemon initctl; do
- local daemonfile="${prefix}/sbin/${starter}"
-
- #
- # If the disabled file is present then enable it.
- #
- if [ -e "${daemonfile}.REAL" ]; then
- mv "${daemonfile}.REAL" "${daemonfile}"
- logMessage "${starter} restored to working order."
+ local daemonfile="/sbin/${starter}"
+
+ # remove the local diversion if it is in place
+ if [ "`chroot "${prefix}" dpkg-divert --listpackage "${daemonfile}"`a" = "LOCALa" ]; then
+ rm -f "${prefix}${daemonfile}"
+ chroot "${prefix}" dpkg-divert --rename --remove "${daemonfile}"
fi
+ logMessage "${starter} restored to working order."
done
}
pgp1sX70ugSHe.pgp
Description: OpenPGP digital signature
