Your message dated Mon, 15 Dec 2014 11:04:14 +0000
with message-id <[email protected]>
and subject line Bug#773107: fixed in dbus 1.9.4-2
has caused the Debian Bug report #773107,
regarding dbus-daemon-launch-helper permissions temporarily wrong during 
upgrades
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
773107: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773107
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: dbus
Version: 1.8.12-1
Severity: important

dbus-daemon-launch-helper is expected to be setuid root and executable
by group messagebus, i.e. "root messagebus 4754" in dpkg-statoverride syntax.
However, because messagebus is a dynamically-allocated system group,
the file in the .deb is actually "root root 0755", with ownership
and permissions fixed up during installation.

At the moment we just do a trivial chown/chmod in the postinst:

    if ! dpkg-statoverride --list "$LAUNCHER" >/dev/null 2>&1; then
            chown root:"$MESSAGEUSER" "$LAUNCHER"
            chmod 4754 "$LAUNCHER"
    fi

However, this is not as robust as it could be. When a new dbus has been
unpacked but not yet configured, dbus-daemon-launch-helper is
temporarily "root root 0755", breaking system service activation.

While upgrading a wheezy laptop to jessie, I hit one of the current dpkg
bugs with trigger cycles (man-db -> man-db) which stopped the upgrade
while dbus was in this state. An error message from PackageKit notification
demonstrated the bug:

dpkg: cycle found while processing triggers:
 chain of packages whose triggers are or may be responsible:
  man-db -> man-db
...
Error: GDBus.Error:org.freedesktop.DBus.Error.Spawn.PermissionsInvalid: The 
permission of the setuid helper is not correct
E: Sub-process /usr/bin/dpkg returned an error code (1)

I think we could make dbus more robust by following the pattern
suggested in Policy §10.9:

    # postinst
    if ! dpkg-statoverride --list "$LAUNCHER" >/dev/null 2>&1; then
        dpkg-statoverride --update --add root "$MESSAGEUSER" 4754 "$LAUNCHER"
    fi

    # postrm, $1 = purge
    if dpkg-statoverride --list "$LAUNCHER" >/dev/null 2>&1 ; then
        dpkg-statoverride --remove "$LAUNCHER"
    fi

This would not immediately help upgrades from current dbus versions to the
first version with this bug fixed, but all subsequent upgrades
(e.g. jessie -> stretch) would avoid the broken transitional state.

We could optionally also do something like this in preinst:

    # preinst
    if getent group "$MESSAGEUSER" >/dev/null && \
            -x "$LAUNCHER" && \
            ! dpkg-statoverride --list "$LAUNCHER" >/dev/null 2>&1; then
        dpkg-statoverride --update --add root "$MESSAGEUSER" 4754 "$LAUNCHER"
    fi

to improve the robustness of upgrades from current dbus versions to the
fixed version.

Regards,
    S

--- End Message ---
--- Begin Message ---
Source: dbus
Source-Version: 1.9.4-2

We believe that the bug you reported is fixed in the latest version of
dbus, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon McVittie <[email protected]> (supplier of updated dbus package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 15 Dec 2014 08:18:15 +0000
Source: dbus
Binary: dbus dbus-udeb dbus-x11 libdbus-1-3 libdbus-1-3-udeb dbus-1-doc 
libdbus-1-dev dbus-1-dbg
Architecture: all source
Version: 1.9.4-2
Distribution: experimental
Urgency: medium
Maintainer: Utopia Maintenance Team 
<[email protected]>
Changed-By: Simon McVittie <[email protected]>
Closes: 773107
Description: 
 dbus-1-dbg - simple interprocess messaging system (debug symbols)
 dbus-1-doc - simple interprocess messaging system (documentation)
 dbus       - simple interprocess messaging system (daemon and utilities)
 dbus-udeb  - simple interprocess messaging system (minimal runtime) (udeb)
 dbus-x11   - simple interprocess messaging system (X11 deps)
 libdbus-1-3 - simple interprocess messaging system (library)
 libdbus-1-3-udeb - simple interprocess messaging system (minimal library) 
(udeb)
 libdbus-1-dev - simple interprocess messaging system (development headers)
Changes:
 dbus (1.9.4-2) experimental; urgency=medium
 .
   * postinst: use dpkg-statoverride to set the permissions for
     dbus-daemon-launch-helper (expected to be 04754 root:messagebus)
     as suggested in Policy §10.9. This avoids a temporarily broken state
     when an upgraded dbus is unpacked but not yet configured (Closes: #773107)
   * preinst: opportunistically set up the same dpkg-statoverride entry
     if the group already exists, to avoid the same broken state during
     upgrades from older versions without needing Pre-Depends: adduser
   * postrm: delete the dpkg-statoverride entry on purge
Checksums-Sha1: 
 c9d04a2152b4a783801eabc26d5bec9ca408e165 2778 dbus_1.9.4-2.dsc
 56a236cd145642f3693d2eb52d270bd47a78ec11 37656 dbus_1.9.4-2.debian.tar.xz
 19a52be72f456e2748e3339d1a19249fb1ab27e1 1314182 dbus-1-doc_1.9.4-2_all.deb
Checksums-Sha256: 
 b70d80fd863e55ab249f6e18975bdc1c7365a886eb98eca39836341710d7fdae 2778 
dbus_1.9.4-2.dsc
 2700c5f3fb52acf7aefc7e3e8d0219777c1f554da9b2f96f328eab21caae2b9a 37656 
dbus_1.9.4-2.debian.tar.xz
 2b03ede992a7bf545e7793f98b215b0e5d9614fb1c5d0e74e77c7c1f76cc04f4 1314182 
dbus-1-doc_1.9.4-2_all.deb
Files: 
 27e1da8541a5f1ce4ef1b6aefa859793 2778 admin optional dbus_1.9.4-2.dsc
 7a00701e773980b948d2a46fae18c7a6 37656 admin optional 
dbus_1.9.4-2.debian.tar.xz
 f27b5b8a963e0d6944defc54061c4758 1314182 doc optional 
dbus-1-doc_1.9.4-2_all.deb

-----BEGIN PGP SIGNATURE-----

iQIVAwUBVI68wU3o/ypjx8yQAQgBKQ/+J10c2yXYNpdjAn6tvk/2bp5GW+pzLF+v
j2EWxtKgdIXmuWj9Gfl+T2+NeF2++JlbuAAcOPi8UesEa4Mj4k6FtYTpX81gwPW+
f0pBnap2sg1vR3+JEgWOoP2Seup7mttwZbE6vyFhBx9neu+fmst/YiHGoKuYUqrl
mBAg6jRjUjpucR+7I8thpDpc0sMViIQQVJbZ/6EeWi5gn/dlI3/951SoXmsxVxGG
dvvEOz3g2f3wuCkoZKISKUWcFAL2bGZrUBPWcIRncycfvkns6xT2UPCxYfVY7mff
sfasuaYWL9+/DRtEeK0MvcS5lNorJ93f+HplxvLM6Gie50UFFuon0Vojychfhrsn
REKmwrjaN3UlA6QbG8NFX2UjAKNxbfRjrQ01mRWIKkDP22oaBPiBQvCdkhfEllgx
D6NztW1b0Whw7+ucAGOBTR9vmRk70i1q4xyaNQRF7gaqZr7CN4YHJnZSPgpntjp8
y/wsumSRcuBiq3VUtPh/B3mg480f29MwFPA0AI2oszfAzFlTOYQ85AcMnFmeMD0R
S+UCsrANaAjY1F+mp/xgdpNoZ4AuIA+NZL9gtLkHpBGGNxFoW3hiHpwww1dVA0bs
v0/F59Nu285C9IMwYJKwAUFWA1utkqoWR9bxB+SjmgG1lp9tlbD/xu83YL/eE3aq
0sLkeMSvZrk=
=tqIl
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to