BUG: start-stop-daemon has the poettering bug

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

BUG: start-stop-daemon has the poettering bug

Bodo Eggert-4
Test case:

start-stop-daemon --start -c 7eggert --exec `which sleep` 300

Expected behaviour: Start as uid 1000
Real behaviour: Starts as uid 7

Reply | Threaded
Open this post in threaded view
|

Re: BUG: start-stop-daemon has the poettering bug

Guillem Jover
Hi!

On Mon, 2017-07-03 at 20:53:29 +0200, Bodo Eggert wrote:
> Test case:
>
> start-stop-daemon --start -c 7eggert --exec `which sleep` 300
>
> Expected behaviour: Start as uid 1000
> Real behaviour: Starts as uid 7

Thanks, this should be fixed now in master with:

  <https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/?id=55c291c>


BTW, I don't know (and I don't think I want to know either) what the
subject has to do with this, but it seems unnecessarily abrasive.

Thanks,
Guillem

Reply | Threaded
Open this post in threaded view
|

Re: BUG: start-stop-daemon has the poettering bug

Adam D. Barratt
On Tue, 2017-07-04 at 05:17 +0200, Guillem Jover wrote:
> Hi!
>
> On Mon, 2017-07-03 at 20:53:29 +0200, Bodo Eggert wrote:
> > Test case:
> >
> > start-stop-daemon --start -c 7eggert --exec `which sleep` 300
> >
> > Expected behaviour: Start as uid 1000
> > Real behaviour: Starts as uid 7
[...]
> BTW, I don't know (and I don't think I want to know either) what the
> subject has to do with this, but it seems unnecessarily abrasive.

It's also incorrect, as it's referring to a different bug (with
different symptoms).

Regards,

Adam

Reply | Threaded
Open this post in threaded view
|

Re: BUG: start-stop-daemon has the poettering bug

Bodo Eggert-4
In reply to this post by Guillem Jover
On Tue, 4 Jul 2017, Guillem Jover wrote:

> BTW, I don't know (and I don't think I want to know either) what the
> subject has to do with this, but it seems unnecessarily abrasive.

Sorry, I was made aware of the bug because of the currently discussed
systemd situation and made a quick and unprefessional  report. However,
even looking back, it's deserved.

with kind regards
        Bodo Eggert

Reply | Threaded
Open this post in threaded view
|

Re: start-stop-daemon mishandles usernames starting with digits

Ian Jackson-2
Bodo Eggert writes ("Re: BUG: start-stop-daemon has the poettering bug"):
> On Tue, 4 Jul 2017, Guillem Jover wrote:
> > BTW, I don't know (and I don't think I want to know either) what the
> > subject has to do with this, but it seems unnecessarily abrasive.
>
> Sorry, I was made aware of the bug because of the currently discussed
> systemd situation and made a quick and unprefessional  report. However,
> even looking back, it's deserved.

The correct thing to do would have been to file a bug report in the
Debian bug system, with a subject line not referring to systemd and
not making a personal attack.  I have changed the subject line of this
thread.

You could reference the systemd bug with something like this:

  I was inspired to check start-stop-daemon by hearing about
  this bug report against systemd:
     https://github.com/systemd/systemd/issues/6237

Guillem, thanks for fixing the bug promptly.  Do we want to push that
out in a stable update ?

Ian.

Reply | Threaded
Open this post in threaded view
|

Re: BUG: start-stop-daemon has the poettering bug

Adam D. Barratt
In reply to this post by Bodo Eggert-4
On Tue, 2017-07-04 at 14:35 +0200, Bodo Eggert wrote:
> On Tue, 4 Jul 2017, Guillem Jover wrote:
>
> > BTW, I don't know (and I don't think I want to know either) what the
> > subject has to do with this, but it seems unnecessarily abrasive.
>
> Sorry, I was made aware of the bug because of the currently discussed
> systemd situation and made a quick and unprefessional  report. However,
> even looking back, it's deserved.

It's /still/ a completely different bug with different causes and
effects, with the only real similarity being that it involves usernames
starting with a digit being misparsed (it degrades to the same behaviour
as the systemd bug in 10% of cases, but that's a far stretch from being
the same thing).
Regards,

Adam

Reply | Threaded
Open this post in threaded view
|

Re: start-stop-daemon mishandles usernames starting with digits

Guillem Jover
In reply to this post by Ian Jackson-2
On Tue, 2017-07-04 at 15:16:20 +0100, Ian Jackson wrote:
> Guillem, thanks for fixing the bug promptly.  Do we want to push that
> out in a stable update ?

Although I doubt this affects any Debian package, given the default
allowed pattern in adduser/addgroup for user names, and going from
memory from last time I scanned all of them. This is still a potential
problem for site-specific users or even with just bogus input.

So yes, I do think this is worth proposing for a stable update, and
something I realized the day after fixing it and while getting back
from my daily lethargy, that I had forgotten to mark the commit with
a Stable-Candidate field. :)

In any case, once this is in sid, I'll push it to the queue of proposed
fixes for stable.

Thanks,
Guillem