Your message dated Wed, 13 Jan 2016 11:05:48 +0000
with message-id <[email protected]>
and subject line Bug#668253: fixed in inspircd 1.1.22+dfsg-4+squeeze3
has caused the Debian Bug report #668253,
regarding inspircd: does not close stdin or stderr on startup, consumes 100% cpu
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
668253: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668253
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: inspircd
Version: 1.1.22+dfsg-4
Severity: important
Tags: security

I noticed that my inspircd would run at 100% CPU usage after being
restarted. Well actually this only started after I logged out. A quick
strace shows that inspircd calls poll in a loop and the result is always
fd=0. lsof then shows that fd=0 is connected to the terminal I used to
restart inspircd. When I logged out, it was closed and poll would always
return that fd. The problem is worse though. This can be used to
escalate privileges (from irc to root) when combined with an arbitrary
code execution flaw (such as the one fixed in DSA-2448-1).

Interestingly this problem does not exist according to the
documentation (include/inspircd.h):

| /** Daemonize the ircd and close standard input/output streams
|  * @return True if the program daemonized succesfully
|  */
| bool DaemonSeed();

However looking at the definition (src/inspircd.cpp) clearly shows that
the closing of the streams does not happen.

Helmut



--- End Message ---
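The failure mode in the report above, as an added example that is not inspircd's code and not the Debian patch: a descriptor whose peer has gone away is reported ready by poll() on every call, and rebinding fds 0-2 to /dev/null removes the daemon's hold on the terminal. The pipe standing in for the closed terminal and all function names are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <poll.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed stand-in for the closed terminal: a pipe whose write end is
 * gone. Returns the revents poll() reports for the read end with a zero
 * timeout (0 if nothing is ready, -1 on error). A hung-up descriptor is
 * always ready, so an event loop that keeps polling it never sleeps. */
int revents_after_hangup(void)
{
    int p[2];
    if (pipe(p) < 0)
        return -1;
    close(p[1]);                       /* the peer goes away, like the logout */
    struct pollfd pfd = { .fd = p[0], .events = POLLIN };
    int n = poll(&pfd, 1, 0);
    close(p[0]);
    return n < 0 ? -1 : (n ? pfd.revents : 0);
}

/* Rebind fds 0, 1 and 2 to /dev/null. Returns 0 on success, -1 on error. */
int detach_std_streams(void)
{
    int fd = open("/dev/null", O_RDWR);
    if (fd < 0)
        return -1;
    int rc = 0;
    for (int target = 0; target <= 2 && rc == 0; target++)
        if (fd != target && dup2(fd, target) < 0)
            rc = -1;
    if (fd > 2)      /* fd <= 2: a std stream was already closed and open() */
        close(fd);   /* filled that slot, so it must stay open */
    return rc;
}

/* Returns 1 if fd is open on /dev/null, 0 otherwise. */
int is_dev_null(int fd)
{
    struct stat a, b;
    if (fstat(fd, &a) < 0 || stat("/dev/null", &b) < 0)
        return 0;
    return a.st_dev == b.st_dev && a.st_ino == b.st_ino;
}

int main(void)
{
    return detach_std_streams() == 0 && is_dev_null(0) ? 0 : 1;
}
```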
--- Begin Message ---
Source: inspircd
Source-Version: 1.1.22+dfsg-4+squeeze3

We believe that the bug you reported is fixed in the latest version of
inspircd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ben Hutchings <[email protected]> (supplier of updated inspircd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 13 Jan 2016 09:52:46 +0000
Source: inspircd
Binary: inspircd inspircd-dbg
Architecture: source
Version: 1.1.22+dfsg-4+squeeze3
Distribution: squeeze-lts
Urgency: medium
Maintainer: Debian IRC Team <[email protected]>
Changed-By: Ben Hutchings <[email protected]>
Description:
 inspircd   - Modular IRCd written in C++
 inspircd-dbg - Modular IRCd written in C++ - debugging symbols
Closes: 668253
Changes:
 inspircd (1.1.22+dfsg-4+squeeze3) squeeze-lts; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team
   * Convert to 3.0 (quilt) format
   * Reject replies to DNS PTR requests that contain invalid characters
     (CVE-2015-8702)
   * Remove broken libc version check (Closes: #668253)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----

--- End Message ---
