Re: stunnel4: Fails to stop with sysvinit: start-stop-daemon: matching only on non-root pidfile /var/lib/stunnel4///stunnel4.pid is insecure

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: stunnel4: Fails to stop with sysvinit: start-stop-daemon: matching only on non-root pidfile /var/lib/stunnel4///stunnel4.pid is insecure

Axel Beckert-8
Control: reassign -1 lsb-base
Control: forcemerge 921558 -1
Control: affects 921558 + stunnel4

Hi Paul,

Paul Gevers wrote:
> On Mon, 11 Mar 2019 14:15:25 +0100 Axel Beckert <[hidden email]> wrote:
> > Version: 3:5.50-3
>
> ^^^^^^^^^^^^^^^^^^^
> I don't think the bug is only in this version, is it?

No. But for a reason I did not expect:

In contrary to the other cases of this issue I run into recently
(miredo and smokeping), stunnel4's init script doesn't use
start-stop-daemon directly but via killproc() from
/lib/lsb/init-functions of lsb-base. And the actual bug seems to be in
that shell script library:

    125 # start-stop-daemon uses the same algorithm as "pidofproc" above.
    126 killproc () {
    127     local pidfile sig status base name_param is_term_sig OPTIND
    128     pidfile=
    129     name_param=
    130     is_term_sig=
    131
    132     OPTIND=1
    133     while getopts p: opt ; do
    134         case "$opt" in
    135             p)  pidfile="$OPTARG";;
    136         esac
    137     done
    138     shift $(($OPTIND - 1))
    139
    140     base=${1##*/}
    141     if [ ! $pidfile ]; then
    142         name_param="--name $base --pidfile /var/run/$base.pid"
    143     else
    144         name_param="--pidfile $pidfile"
    145     fi
    […]     […]
    152     status=0
    153     if [ ! "$is_term_sig" ]; then
    154         if [ -n "$sig" ]; then
    155             /sbin/start-stop-daemon --stop --signal "$sig" \
    156                 --quiet $name_param || status="$?"
    157         else
    158             /sbin/start-stop-daemon --stop \
    159                 --retry 5 \
    160                 --quiet $name_param || status="$?"
    161         fi
    162     else
    163         /sbin/start-stop-daemon --stop --quiet \
    164             --oknodo $name_param || status="$?"
    165     fi

Since neither name_param nor any of the start-stop-daemon --stop calls
contain --exec or -x nor does killproc allow to pass additional
parameters, this looks like a bug in lsb-base. And indeed, it is and
is also already reported: https://bugs.debian.org/921558

Reassigning accordingly.

> This bug is currently blocking the migration of stunnel4 to testing
> which is needed to have openssl migrate. I'd like to do that today
> because tomorrow the full freeze starts.

Should be solved now. Thanks for poking me so that I had a closer
look!

                Regards, Axel
--
 ,''`.  |  Axel Beckert <[hidden email]>, https://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-    |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

signature.asc (853 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Bug#924312: stunnel4: Fails to stop with sysvinit: start-stop-daemon: matching only on non-root pidfile /var/lib/stunnel4///stunnel4.pid is insecure

Axel Beckert-8
Hi Peter,

Peter Pentchev wrote:
> > […], this looks like a bug in lsb-base. And indeed, it is and
> > is also already reported: https://bugs.debian.org/921558
> >
> > Reassigning accordingly.
>
> Thanks for reporting this and for your analysis!

You're welcome.

> I came up with the same result […] To be honest, I don't think I
> should upload stunnel with a patch that makes the init script use
> the LSB start_daemon function to start the process and then uses
> start-stop-daemon directly to stop it; […] I would prefer some kind
> of change in init-functions that would let me continue to use the
> LSB shell functions.

*nod* I submitted a patch to #921558 which seems to fix the issue for
at least stunnel, but I think it should get some more testing before
uploading that as a fix.

                Regards, Axel
--
 ,''`.  |  Axel Beckert <[hidden email]>, https://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-    |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE