Package: rasdaemon
Version: 0.6.7-1
Severity: important
Usertags: permissions

The upgrade of rasdaemon from 0.6.6-3 to 0.6.7-1 in Debian bookworm removed /var/lib/rasdaemon from the binary package. Instead it gets created by the daemon when it starts. The directory created by the daemon is readable only by root but the directory from the former binary package was readable by all users. The daemon does not change the permissions on any existing directory. This means that whether or not the ras-mc_event.db database is readable for all users depends on whether or not the rasdaemon was upgraded from bullseye versus newly installed on bookworm.

Since RAS/EDAC events are about the reliability of the RAM hardware and given the existence of rowhammer, potentially the database of these events should be restricted to root, as the daemon currently ensures. That would mean that the postinst should update the permissions when they are still the old world-readable default from bullseye.

Log started: 2022-02-22 12:08:37
apt-listchanges: Reading changelogs...
apt-listchanges: Mailing root: apt-listchanges: changelogs for chianamo
apt-listchanges: Reading changelogs...
Preparing to unpack .../rasdaemon_0.6.7-1_amd64.deb ...
Unpacking rasdaemon (0.6.7-1) over (0.6.6-3) ...
dpkg: warning: unable to delete old directory '/var/lib/rasdaemon': Directory not empty
Setting up rasdaemon (0.6.7-1) ...
Processing triggers for man-db (2.10.1-1) ...
Log ended: 2022-02-22 12:09:11

$ sudo mv /var/lib/rasdaemon /var/lib/rasdaemon.bak
$ sudo chronic apt reinstall rasdaemon
$ sudo ls -ld /var/lib/rasdaemon*
drwx------ 2 root root 4096 Feb 22 16:16 /var/lib/rasdaemon
drwxr-xr-x 2 root root 4096 May 22 2021 /var/lib/rasdaemon.bak
$ sudo ls -ll /var/lib/rasdaemon*
/var/lib/rasdaemon:
total 20
-rw-r--r-- 1 root root 20480 Feb 22 16:16 ras-mc_event.db

/var/lib/rasdaemon.bak:
total 40
-rw-r--r-- 1 root root 36864 May 22 2021 ras-mc_event.db

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing-debug
  APT policy: (900, 'testing-debug'), (900, 'testing'), (800, 'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.15.0-3-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages rasdaemon depends on:
ii  init-system-helpers  1.62
ii  libc6                2.33-6
ii  libdbd-sqlite3-perl  1.70-3+b1
ii  libsqlite3-0         3.37.2-2
ii  perl                 5.34.0-3
ii  sqlite3              3.37.2-2

rasdaemon recommends no packages.

rasdaemon suggests no packages.

-- no debconf information

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
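
Added example (not part of the original report or of the Debian package): a sketch of the postinst fix-up the report proposes, which tightens the state directory only while it still has the old world-readable mode. The helper name tighten_state_dir is hypothetical; the modes 755 and 700 are taken from the ls output in the report.

```shell
#!/bin/sh
# Added example: postinst-style fix-up for the rasdaemon state directory.
# OLD_MODE is the bullseye package default (drwxr-xr-x), NEW_MODE is what
# the daemon creates on a fresh bookworm install (drwx------).
# tighten_state_dir is a hypothetical helper name, not from the package.
OLD_MODE=755
NEW_MODE=700

tighten_state_dir() {
    dir=$1
    # Fresh install: the daemon will create the directory itself.
    [ -e "$dir" ] || { echo absent; return 0; }
    # Do not follow a symlink or touch a non-directory at this path.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo skipped
        return 0
    fi
    mode=$(stat -c %a "$dir") || return 1
    if [ "$mode" = "$OLD_MODE" ]; then
        # Still the untouched old default: restrict to root like the daemon does.
        chmod "$NEW_MODE" "$dir" || return 1
        echo tightened
    else
        # Any other mode was set by the daemon or by the admin; leave it alone.
        echo unchanged
    fi
}

# In a maintainer script this would run on "configure", for example:
#   [ "$1" = configure ] && tighten_state_dir /var/lib/rasdaemon
```

Matching on the exact old mode keeps the change idempotent and avoids overriding a mode an administrator chose deliberately.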