Your message dated Thu, 27 Feb 2025 17:31:49 +0000 with message-id <[email protected]> and subject line Bug#1096026: Removed package(s) from unstable has caused the Debian Bug report #519291, regarding Overflow with large number of identical monitored processes to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
519291: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519291
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: restartd
Version: 0.2.2

When using restartd to monitor processes that fork a lot (apache, havp, ...), an incoherent behaviour happens. Typically syslog gets filled with lines of this type:

    Mar 11 17:16:56 $HOSTNAME restartd: 19326 19328 19331 19334 19337 19340 19342 19345 19347 19349 19351 19353 19355 19357 19359 19362 19364 19366 19367 19369 19371 19373 19375 19380 19383 19385 19387 19389 19391 19393 19395 19397 19399 19402 19405 19407 19409 19411 19413 19415 19417 19419 19421 19423 19425 19427 19430 19432 19434 19436 19438 19440 19442 is NOT running, executing ' 19399 19402 19405 19407 19409 19411 19413 19415 19417 19419 19421 19423 19425 19427 19430 19432 19434 19436 19438 19440 19442'

This seems to be related to a buffer overflow in restartd code. Overflow could be exploited to crash restartd, or, although unlikely, call arbitrary commands whose names are PIDs, and present in restartd $PATH (maybe code execution but I can't see how given the fact data is only PIDs). This can be seen on the line executing ' 19399 19402 ... as later, restartd uses this data as argument for a system(3) function call.

Relevant code is located in main.c file, line 246 to 257:

    // Check process
    for (i = 0; i < config_process_number; i++)
      {
        regcomp (regc, config_process[i].regexp, REG_EXTENDED || REG_ICASE);
        if (!regexec (regc, proc_cmdline_str, r_nmatch, r_match, 0))
          sprintf (config_process[i].processes, "%s %s",
                   config_process[i].processes, procdir_dirent->d_name);
        regfree (regc);
      }

For a large number of running "monitored" processes (which match the regular expression specified in the configuration file), PIDs keep being appended to config_process[i].processes, without any check. The 'config_process_type' struct has its 'processes' member limited to 256 bytes, as defined in config.h file, line 44 to 54.

It seems this quick ugly fix works with the test setup I used (4 monitored processes forking 100 times each).

    if (snprintf (config_process[i].processes, 256, "%s %s",
                  config_process[i].processes, procdir_dirent->d_name) >= 256)
      {
        config_process[i].processes[256-1] = '\0';
      }

Sadly this fix interferes with the /var/run/restartd status file maintained by restartd as the PIDs list gets truncated.

Note another sprintf use without error checking at main.c line 233.

This has been tested on Debian GNU/Linux 5.0 (Lenny), kernel 2.6.26-1-686 and libc6 2.7-18 and reported on many other Debian Lenny systems.
--- End Message ---
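Added example (not part of the bug report and not restartd's own code): a bounded append for the PID list discussed in the report above. The helper names append_pid and simulate and the sample PIDs are assumptions made for illustration; only the 256-byte size comes from the report. It writes at the end of the buffer instead of passing the buffer as both destination and "%s" argument, and keeps or drops each PID whole so the caller can count what did not fit.

```c
#include <stdio.h>
#include <string.h>

#define PROCESSES_LEN 256 /* size of the 'processes' member, per the report */

/* Hypothetical helper: append " <pid>" only if the whole token fits.
 * Returns 1 on success, 0 if the PID was dropped (buf keeps its old value). */
static int append_pid(char *buf, size_t cap, const char *pid)
{
    const char *end = memchr(buf, '\0', cap);
    if (end == NULL)                /* unterminated buffer: do not touch it */
        return 0;
    size_t used = (size_t)(end - buf);
    /* Write at the tail; using buf as both destination and "%s" argument
     * of sprintf/snprintf is undefined behaviour (overlapping objects). */
    int n = snprintf(buf + used, cap - used, " %s", pid);
    if (n < 0 || (size_t)n >= cap - used) {
        buf[used] = '\0';           /* roll back the partial write */
        return 0;
    }
    return 1;
}

/* Feed `count` constructed PIDs (first_pid, first_pid + 2, ...) through
 * append_pid and return how many did not fit. */
static int simulate(char *buf, size_t cap, int first_pid, int count)
{
    char pid[16];
    int dropped = 0;
    buf[0] = '\0';
    for (int i = 0; i < count; i++) {
        snprintf(pid, sizeof pid, "%d", first_pid + 2 * i);
        if (!append_pid(buf, cap, pid))
            dropped++;
    }
    return dropped;
}

int main(void)
{
    char processes[PROCESSES_LEN];
    int dropped = simulate(processes, sizeof processes, 19326, 100);
    printf("kept %zu bytes, dropped %d PIDs\n", strlen(processes), dropped);
    return 0;
}
```

A non-zero return from simulate is the signal that the list is incomplete, which a caller could log rather than silently passing a cut-off list on.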
--- Begin Message ---
Version: 0.2.3-1.1+rm

Dear submitter,

as the package restartd has just been removed from the Debian archive unstable we hereby close the associated bug reports. We are sorry that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1096026

The version of this package that was in Debian prior to this removal can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and will not propagate to any mirrors until the next dinstall run at the earliest.

This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected].

Debian distribution maintenance software
pp.
Paul Tagliamonte (the ftpmaster behind the curtain)
--- End Message ---

