Bug#921557: start-stop-daemon: behavior change on "matching only on non-root pidfile /run/exim4/exim.pid is insecure" not fully documented

2019-02-12 Thread Andreas Metzler
On 2019-02-12 Brian May wrote: > Andreas Metzler writes: [...] >> For exim I am now passing --exec >> /path/to/daemon as argument to s-s-d [...] >> Alternatively (or additionally) setting --user should also work. > OK, thanks for this. I hadn't realized you could resolve this by passing > --exec

Bug#921557: start-stop-daemon: behavior change on "matching only on non-root pidfile /run/exim4/exim.pid is insecure" not fully documented

2019-02-12 Thread Brian May
Andreas Metzler writes: > You will need to limit the processes that s-s-d in considering for > killing, otherwise the amasvis user could kill arbitrary processes by > listing them in the pid file. For exim I am now passing --exec > /path/to/daemon as argument to s-s-d > > https://salsa.debian.org

Bug#921557: start-stop-daemon: behavior change on "matching only on non-root pidfile /run/exim4/exim.pid is insecure" not fully documented

2019-02-11 Thread Andreas Metzler
On 2019-02-12 Brian May wrote: > On Thu, Feb 07, 2019 at 06:53:18PM +0100, Andreas Metzler wrote: >>> I was planning a new upload during this week (the version in sid, will >>> not migrate as is due to a regression in dgit's autopkgtests), but can >>> postpone it a few days until you've uploaded e

Bug#921557: start-stop-daemon: behavior change on "matching only on non-root pidfile /run/exim4/exim.pid is insecure" not fully documented

2019-02-11 Thread Brian May
On Thu, Feb 07, 2019 at 06:53:18PM +0100, Andreas Metzler wrote: > > I was planning a new upload during this week (the version in sid, will > > not migrate as is due to a regression in dgit's autopkgtests), but can > > postpone it a few days until you've uploaded exim. > > Thanks for the offer, I

Bug#921557: start-stop-daemon: behavior change on "matching only on non-root pidfile /run/exim4/exim.pid is insecure" not fully documented

2019-02-07 Thread Andreas Metzler
On 2019-02-07 Guillem Jover wrote: > On Wed, 2019-02-06 at 19:58:52 +0100, Andreas Metzler wrote: [...] >> dpkg's changelog.Debian says: >> * start-stop-daemon: Check whether standalone --pidfile use is secure. >> Prompted by Michael Orlitzky . >> the regular changelog is more verbose: [...]

Bug#921557: start-stop-daemon: behavior change on "matching only on non-root pidfile /run/exim4/exim.pid is insecure" not fully documented

2019-02-07 Thread Guillem Jover
Hi! On Wed, 2019-02-06 at 19:58:52 +0100, Andreas Metzler wrote: > Package: dpkg > Version: 1.19.3 > Severity: important > With 1.19.3 the following command stopped working: > /sbin/start-stop-daemon --stop --retry 5 --quiet --pidfile /run/exim4/exim.pid > /sbin/start-stop-daemon: matching only o

Bug#921557: start-stop-daemon: behavior change on "matching only on non-root pidfile /run/exim4/exim.pid is insecure" not fully documented

2019-02-06 Thread Andreas Metzler
Package: dpkg Version: 1.19.3 Severity: important With 1.19.3 the following command stopped working: /sbin/start-stop-daemon --stop --retry 5 --quiet --pidfile /run/exim4/exim.pid /sbin/start-stop-daemon: matching only on non-root pidfile /run/exim4/exim.pid is insecure Afaict this broke exim #9