Package: memlockd
Version: 1.3-2+b1
Severity: normal
File: /etc/memlockd.cfg
Usertags: warnings

The default /etc/memlockd.cfg contains an ancient libc6 version, which
means that libc6 won't be locked in memory by memlockd, which could
lead to system unavailability, which is meant to be fixed by memlockd.

Luckily other parts of the default config (like loading bash) will
automatically lock libc, but the default config still means that
memlockd will log errors when trying to load the old libc, which
means that sysadmins will have to filter those out using logcheck.

Just upgrading the version number to the latest isn't going to be
helpful, since it will quickly get out of date. I suggest that you
introduce a * prefix character that will use glob() on the path and
lock all the files resulting from that. The default config can then
contain a glob like ld-[0-9].[0-9][0-9].so and thus match any libc,
at least until glibc 2.100 :)

   $ grep -- -2 /etc/memlockd.cfg
   /lib/$ARCH-linux-gnu/libnss_nis-2.24.so
   /lib/$ARCH-linux-gnu/libnss_files-2.24.so
   /lib/$ARCH-linux-gnu/libnss_compat-2.24.so
   /lib/$ARCH-linux-gnu/ld-2.24.so
   
   $ ls -l /lib/*-linux-gnu/ld-*.so
   -rwxr-xr-x 1 root root 198K Feb 21 16:47 /lib/x86_64-linux-gnu/ld-2.33.so*
   
   $ apt policy libc6
   libc6:
     Installed: 2.33-7
     Candidate: 2.33-7
     Version table:
        2.34-0experimental3 700
           700 https://deb.debian.org/debian experimental/main amd64 Packages
    *** 2.33-7 900
           900 https://deb.debian.org/debian testing/main amd64 Packages
           800 https://deb.debian.org/debian unstable/main amd64 Packages
           100 /var/lib/dpkg/status

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing-debug
  APT policy: (900, 'testing-debug'), (900, 'testing'), (800, 
'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 
'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.16.0-3-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages memlockd depends on:
ii  adduser  3.118

memlockd recommends no packages.

memlockd suggests no packages.

-- no debconf information

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
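
The `*` prefix proposed in the report, sketched as an added example (not part of the original message and not memlockd's own code). The names `count_matches` and `demo_count`, the `$ARCH` substitution rule and the temporary fixture directory are assumptions made for illustration; the fixture holds only `ld-2.33.so`, so the pinned `ld-2.24.so` entry finds nothing while the glob entry does.

```c
#include <glob.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not memlockd code. Leading '*' = glob(3) pattern (the proposed
 * prefix); "$ARCH" -> arch (assumed rule). Returns files found, -1 on error. */
int count_matches(const char *entry, const char *arch)
{
    char path[4096];
    int is_glob = (entry[0] == '*');
    const char *src = entry + is_glob, *var = strstr(src, "$ARCH");
    int n = var ? snprintf(path, sizeof path, "%.*s%s%s", (int)(var - src), src, arch, var + 5)
                : snprintf(path, sizeof path, "%s", src);
    if (n < 0 || (size_t)n >= sizeof path) return -1;   /* expanded path too long */
    if (!is_glob) return access(path, R_OK) == 0;       /* pinned name: present or not */
    glob_t g;
    int rc = glob(path, GLOB_ERR, NULL, &g);
    if (rc != 0) return rc == GLOB_NOMATCH ? 0 : -1;
    for (size_t i = 0; i < g.gl_pathc; i++)
        printf("would lock: %s\n", g.gl_pathv[i]);
    n = (int)g.gl_pathc;
    globfree(&g);
    return n;
}

/* Constructed fixture: a private temp dir holding only ld-2.33.so, as in the report. */
int demo_count(const char *name)
{
    char dir[96], file[128], entry[512];
    int star = (name[0] == '*');
    snprintf(dir, sizeof dir, "/tmp/memlockd-demo-%ld-x86_64-linux-gnu", (long)getpid());
    snprintf(file, sizeof file, "%s/ld-2.33.so", dir);
    snprintf(entry, sizeof entry, "%s/tmp/memlockd-demo-%ld-$ARCH-linux-gnu/%s",
             star ? "*" : "", (long)getpid(), name + star);
    if (mkdir(dir, 0700) != 0) return -1;               /* fails if the name exists */
    FILE *f = fopen(file, "w");
    int n = -1;
    if (f) { fclose(f); n = count_matches(entry, "x86_64"); }
    unlink(file); rmdir(dir);
    return n;
}

int main(void)
{
    int pinned = demo_count("ld-2.24.so");
    printf("pinned: %d, glob: %d\n", pinned, demo_count("*ld-[0-9].[0-9][0-9].so"));
    return 0;
}
```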
