taskserver
[TD-109] (security) Fix pid file path
Sebastien Badia on 2015-12-22T21:10:39Z says:
The default location for the pid file is in tmp; this patch fixes the path of this file to use /run instead (for security reasons).
Migrated metadata:
Created: 2015-12-22T21:10:39Z
Modified: 2015-12-27T21:06:36Z
Paul Beckingham on 2015-12-23T13:18:13Z says:
Sorry, /run is not portable.
Is there a reliable way to detect DEBIAN at compile time?
Daniel Shahaf on 2015-12-23T15:47:10Z says:
Why would you want to detect debian at compile-time? The symlink attack (opening a predictable filename with fopen(..., "w")) exists on all platforms and should be fixed on all platforms, not just on debian.
There's the fopen x mode flag which seems reasonably portable.
Or perhaps open(..., O_EXCL); fdopen()? It ought to work too, oughtn't it? (And it uses only POSIX-specified flags)
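The two behaviours discussed in the comment above, as an added C example that is not part of the original thread or of taskserver's code: the fopen "w" pattern next to the open(O_EXCL) plus fdopen() suggestion, both run against a symlink already sitting at the pid file path. The function names, the demo.pid file name and the temporary directory are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* The pattern criticised in the thread: fopen "w" follows a symlink
 * planted at `path` and truncates whatever it points to. */
int write_pid_fopen_w(const char *path, long pid)
{
    FILE *fp = fopen(path, "w");
    if (!fp) return -1;
    fprintf(fp, "%ld\n", pid);
    return fclose(fp) == 0 ? 0 : -1;
}
/* The suggested fix: O_CREAT|O_EXCL fails with EEXIST if anything, a
 * symlink included, already exists at `path`; the link is not followed. */
int write_pid_excl(const char *path, long pid)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0) return -1;
    FILE *fp = fdopen(fd, "w");
    if (!fp) { close(fd); unlink(path); return -1; }
    int ok = fprintf(fp, "%ld\n", pid) > 0;
    if (fclose(fp) != 0) ok = 0;
    if (!ok) unlink(path);
    return ok ? 0 : -1;
}
/* Size in bytes of the file `path` resolves to, or -1 if it is missing. */
long file_size(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

int main(void)
{
    char dir[] = "/tmp/pidfile-demo-XXXXXX", victim[64], pidfile[64];
    if (!mkdtemp(dir)) return 1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(pidfile, sizeof pidfile, "%s/demo.pid", dir);
    /* Constructed setup: an 11-byte file and a link to it at the pid path. */
    if (write_pid_fopen_w(victim, 1234567890L) || symlink(victim, pidfile)) return 1;
    int rc = write_pid_excl(pidfile, (long)getpid());
    printf("O_EXCL: rc=%d, victim still %ld bytes\n", rc, file_size(victim));
    write_pid_fopen_w(pidfile, 1L);
    printf("fopen \"w\": victim now %ld bytes\n", file_size(victim));
    return 0;
}
```

Because O_EXCL also refuses a stale pid file left by an earlier run, a daemon using it needs its own policy for that case.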
Paul Beckingham on 2015-12-23T16:45:55Z says:
I want to detect Debian so I have another choice. For example, Debian no longer wants dates baked into binaries ("build date"), but I do want that in binaries, so an #ifdef is ideal in that case.
There is no x mode flag in my fopen.
Daniel Shahaf on 2015-12-24T08:01:46Z says:
The x mode flag is present in linux/freebsd/openbsd/osx at least. It's not documented in the beginning of the man page with the r w a flags but further down with the non-standard extensions.
As to detecting debian, you could look for a line containing either ID=debian or ID_LIKE=debian in /etc/os-release. The latter matches derived distros too but the former doesn't. IIRC that file will always exist in debian newer than the previous stable version.
tobi on 2015-12-27T08:48:58Z says:
Hi Paul,
As I was the one asking Sebastien to submit the bugs to you (I'm going to sponsor his upload of taskd), and with my Debian Developer hat on, I need to comment on this...
The issues pointed out by Sebastien are valid issues -- at least for all unixes. Frankly, a Debian targeted patch would be inappropriate.
- Using /tmp can easily introduce security issues. If /run is not portable enough, use the old /var/run, which is also backed up by the FHS. If that is still not portable enough, as a fallback, let the user specify the pid file via a command-line option.
- Reproducible build is also not a "Debian only" thing. Debian was among the first to push this, but the whole ecosystem will benefit if we get there. Read https://wiki.debian.org/ReproducibleBuilds/About for a rationale.
Thanks for considering!
Paul Beckingham on 2015-12-27T21:06:36Z says:
Hi tobi,
You misunderstand, I am not needing explanations or justifications, and no one said that Sebastien's issues were not valid. I am looking for a portable solution, and not a Debian-specific solution, and I can't accept patches that break portability.
The conditional compilation question is for a different issue, as stated above, and not this one, but this is where the conversation happened.