Bug#738855: [Pkg-sysvinit-devel] Bug#738855: initscripts: Skip killing root-owned process starting with @

Control: tags -1 -pending I am still unsure about this approach, and have decided to revert the change in git to have more time to consider it while still being able to upload newer versions from git. This was the change I removed: --- a/debian/changelog +++ b/debian/changelog @@ -11,10 +11,6 @@

Bug#738855: [oss-security] Re: Bug#738855: initscripts: Skip killing root-owned process starting with @

On Sat, Feb 15, 2014 at 05:22:15PM +0100, Florian Weimer wrote: > * Helmut Grohne: > > > In this context allowing user processes to not be killed merely by > > changing their name could cause data loss during shutdown by > > blocking umount. > > Does that actually work? If so, it's a funcitonali

Bug#738855: initscripts: Skip killing root-owned process starting with @

On Fri, Feb 14, 2014 at 09:18:19AM +0100, Helmut Grohne wrote: > Hmm. Maybe you can hold this patch off for a little longer? Discussion on oss-sec is inconclusive. Specifically there is no strong opinion that the approach is considered to be a vulnerability or weakness. Please move forward with yo

Bug#738855: initscripts: Skip killing root-owned process starting with @

I am not convinced this is something we should implement in init.d/sendsigs. If we are going to implement this systemd compatibility, it might be better to implement it as a option for killall5, instead of faking omitpid values. Anyone willing to write such implementation? killall5 already know

Bug#738855: initscripts: Skip killing root-owned process starting with @

On Fri, Feb 14, 2014 at 12:28:52AM +, Dimitri John Ledkov wrote: > Thanks a lot for the review! Hmm. Maybe you can hold this patch off for a little longer? Pulling in oss-sec, because I am no longer sure that the remedy addresses all relevant aspects. Summary of previous discussion follows fo

Bug#738855: initscripts: Skip killing root-owned process starting with @

Control: tags -1 pending On 13 February 2014 21:18, Helmut Grohne wrote: > Control: retitle -1 initscripts: Skip killing root-owned process starting > with @ > > On Thu, Feb 13, 2014 at 08:58:33PM +, Dimitri John Ledkov wrote: >> How about limiting it to processes running as root? >> >> E.g.

Bug#738855: initscripts: Skip killing root-owned process starting with @

Control: retitle -1 initscripts: Skip killing root-owned process starting with @ On Thu, Feb 13, 2014 at 08:58:33PM +, Dimitri John Ledkov wrote: > How about limiting it to processes running as root? > > E.g. pgrep -u root -f "^@" ? > > That way there is no loop-hole opened, since those proc