Control: tag -1 + wontfix
On Sat, 19 Nov 2022 09:00:19 +0100 g1 <g...@libero.it> wrote:
Package: unbound
Version: 1.13.1-1
Severity: normal
Tags: patch
X-Debbugs-Cc: g...@libero.it
Hi
With the apparmor profile shipped with unbound, /usr/sbin/unbound is
allowed to truncate and create its own pidfile /run/unbound.pid, but
cannot remove it at exit or rewrite it when it starts again.
As a consequence, "start-stop-daemon --stop" leaves behind an empty pidfile,
and a subsequent "start-stop-daemon --start" spawns a new daemon whose
pid is written nowhere. The overall result is that N invocations of
"/etc/init.d/unbound restart" end up with N-1 daemons running, with
obvious implications for security.
In #947771 Stephane Lapie and Gedalya suggested a simple patch that
solves the problem. That bug report was closed as "problem solved",
without actually applying the patch, probably because I failed to clearly
explain how to reproduce the issue.
This is interesting, since I closed that bug report after merging the
change mentioned in there, which is exactly what you propose below,
with --remove-pidfile option:
https://salsa.debian.org/dns-team/unbound/-/commit/baca147f4cd27753ceca3a2855f463ed905b7eeb
Please, do not close this report unless, on a system managed by
sysvinit-core with apparmor in enforcing mode, exactly one instance of
unbound is left running after invoking "/etc/init.d/unbound restart"
at least four times in a row.
Ok, I'll left this bug open and tag it 'wontfix' for now, so it don't
catch my eyes from now on.
Thanks,
/mjt
