Your message dated Mon, 20 Oct 2014 21:30:11 +0000
with message-id <[email protected]>
and subject line Bug#617424: fixed in tcpspy 1.7d-9
has caused the Debian Bug report #617424,
regarding Consider improving enclosure of daemon.
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
617424: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617424
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: tcpspy
Version: 1.7d-4
Severity: wishlist
Tags: patch
Tcpspy is clearly intended to be a long living daemon.
As such it is reacting on an alarmingly large number
of signals. One could also argue that it would benefit
slightly from a stricter handling of file descriptors,
more in line with security measures for other daemons.
I contribute one mode of implementing these changes.
Best regards,
Mats Erik Andersson, DM
Description: Improve security in daemonised execution.
Ignore signals irrelevant to a long living daemon
which was crafted with orderly shutdown.
.
Replace standard file descriptors with a tie to "/dev/null".
.
Yield controlling terminal properly by setting session ID.
Author: Mats Erik Andersson <[email protected]>
Forwarded: no
Last-Update: 2011-03-08
--- tcpspy-1.7d.debian/tcpspy.c 2002-01-25 02:01:02.000000000 +0100
+++ tcpspy-1.7d/tcpspy.c 2011-03-08 20:56:37.000000000 +0100
@@ -53,7 +53,10 @@
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/types.h>
+#include <sys/stat.h> /* umask() */
+#include <fcntl.h> /* open /dev/null */
#include <unistd.h>
+#include <paths.h> /* _PATH_DEVNULL */
#include "log.h"
#include "rcsid.h"
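Review bot: the new #include <paths.h> pulls in a BSD/glibc header that POSIX does not specify, and it is needed only for _PATH_DEVNULL. Either use the literal "/dev/null" in the open() call, or keep the include for platforms that have it and add a fallback define for _PATH_DEVNULL. The later hunks also call signal() and strerror() and read errno. The visible context here does not show <signal.h>, <string.h> or <errno.h>, so confirm they are already included further up the file.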
@@ -607,7 +610,16 @@
if (debug == 0) {
pid_t p;
+ int nullfd;
+ /* Hinder early disturbance generated by terminal. */
+ signal (SIGHUP, SIG_IGN);
+ signal (SIGINT, SIG_IGN);
+ signal (SIGQUIT, SIG_IGN);
+ signal (SIGTSTP, SIG_IGN);
+ signal (SIGUSR1, SIG_IGN);
+ signal (SIGUSR2, SIG_IGN);
+
/* 1st fork */
p = fork();
if (p < 0) {
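Review bot: the comment above the signal() block speaks of "early disturbance", but nothing in this hunk restores the dispositions. SIG_IGN is inherited across fork(), so the daemon ignores SIGHUP, SIGINT, SIGQUIT, SIGTSTP, SIGUSR1 and SIGUSR2 for its whole lifetime, not only during startup. If that is the intent, the comment should say so and name the signal that still triggers the orderly shutdown. If handlers for any of these six are installed earlier in main(), these calls silently replace them, so that needs checking before this is applied.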
@@ -617,6 +629,13 @@
} else if (p != 0)
exit (0);
+ /* Give up controlling terminal */
+ if (setsid () < 0) {
+ fprintf (stderr, "tcpspy: setsid: %s\n",
+ strerror (errno));
+ exit (EXIT_FAILURE);
+ }
+
/* 2nd fork */
p = fork();
if (p < 0) {
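Review bot: the exit (EXIT_FAILURE) in the setsid() error path cannot be seen by whoever started the daemon, because the parent has already returned through exit (0) in the first-fork branch just above. An init script will therefore report a successful start even if this path is taken, and the only trace is the line on stderr. Consider also reporting the failure through the program's own logging (log.h is included at the top of the file), or state in the comment that the failure is not propagated to the caller.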
@@ -630,11 +649,22 @@
}
ioctl (STDIN_FILENO, TIOCNOTTY, NULL);
- close (STDIN_FILENO);
- close (STDOUT_FILENO);
- close (STDERR_FILENO);
+
+ nullfd = open (_PATH_DEVNULL, O_RDWR, 0);
+ if (nullfd < 0) {
+ fprintf (stderr, "tcpspy: cannot open %s\n",
+ _PATH_DEVNULL);
+ exit (EXIT_FAILURE);
+ }
+
+ dup2 (nullfd, STDIN_FILENO);
+ dup2 (nullfd, STDOUT_FILENO);
+ dup2 (nullfd, STDERR_FILENO);
+ close (nullfd);
+
setpgid (0, 0);
chdir ("/");
+ umask (0);
} else
fprintf (stderr, "tcpspy 1.7d started (debug)\n");
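Review bot: close (nullfd) after the three dup2() calls is unconditional, which misbehaves when the daemon is started with a standard descriptor already closed. In that case open() returns 0, 1 or 2, dup2() onto the same number is a no-op, and the close then removes the descriptor this block has just set up. Guard it with "if (nullfd > STDERR_FILENO) close (nullfd);". The dup2() return values are unchecked, and the open() error message omits strerror (errno), unlike the setsid() message in the previous hunk. umask (0) means every file the daemon creates gets exactly the mode passed at creation time. Unless all such calls pass explicit restrictive modes, a value such as 022 or 027 fits the stated hardening goal better. The retained ioctl (STDIN_FILENO, TIOCNOTTY, NULL) is redundant now that setsid() has already detached the process from its controlling terminal.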
--- End Message ---
--- Begin Message ---
Source: tcpspy
Source-Version: 1.7d-9
We believe that the bug you reported is fixed in the latest version of
tcpspy, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Joao Eriberto Mota Filho <[email protected]> (supplier of updated tcpspy
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 16 Oct 2014 17:07:26 -0300
Source: tcpspy
Binary: tcpspy
Architecture: source amd64
Version: 1.7d-9
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <[email protected]>
Changed-By: Joao Eriberto Mota Filho <[email protected]>
Description:
tcpspy - Incoming and Outgoing TCP/IP connections logger
Closes: 616355 616473 617424
Changes:
tcpspy (1.7d-9) unstable; urgency=medium
.
* QA upload.
* Upload to unstable.
* Fixed a FTBFS in some architectures. Thanks a lot to
Luis Valdes <[email protected]>.
* debian/control: updated the long description.
* debian/copyright:
- Migrated to 1.0 format.
- Updated the upstream and packaging data.
* debian/manpages: created to install all manpages.
* debian/patches/:
- Added the 'add_support_to_ipv6' patch, written by Mats Erik Andersson
<[email protected]> and reviewed by Joao Eriberto Mota Filho. This
patch implements a previous patch from the same author too. Part of
the patch was directly applied to debian/tcpspy.rules.5. Thanks a lot
to Mats. (Closes: #616355, #616473)
- Added the 'add_security' patch. Thanks again to Mats Erik Andersson
<[email protected]>. (Closes: #617424)
- Updated the 'manpage' patch.
* debian/tcpspy.8: removed because the upstream has a manpage too.
* debian/tcpspy.init:
- Added the 'Description' field to header.
- Added a call to LSB init functions.
- Added a test to check the '/etc/tcpspy.rules' file presence.
- Added the 'status' option.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---