
This queue is for tickets about the Proc-Daemon CPAN distribution.

Report information
The Basics
Id: 91450
Status: resolved
Priority: 0/
Queue: Proc-Daemon

People
Owner: Nobody in particular
Requestors: abe [...] debian.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



CC: 732283-submitter [...] bugs.debian.org
Subject: Fwd: Bug#732283: libproc-daemon-perl: Writes pidfile with mode 666
Date: Mon, 16 Dec 2013 20:50:45 +0100
To: bug-Proc-Daemon [...] rt.cpan.org
From: Axel Beckert <abe [...] debian.org>
Hi,

the following bug has been reported[1] against Proc::Daemon in Debian. Patch at [2].

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732283
[2] http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libproc-daemon-perl.git;a=blob;f=debian/patches/pid.patch

----- Forwarded message from christian mock <cm@coretec.at> -----

Date: Sun, 15 Dec 2013 20:33:59 +0100
From: christian mock <cm@coretec.at>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#732283: libproc-daemon-perl: Writes pidfile with mode 666
Sender: pkg-perl-maintainers <pkg-perl-maintainers-bounces+abe=deuxchevaux.org@lists.alioth.debian.org>
Reply-To: christian mock <cm@coretec.at>, 732283@bugs.debian.org

Package: libproc-daemon-perl
Version: 0.14-1
Severity: normal

Dear Maintainer,

Proc::Daemon, when instructed to write a pid file, does that with a umask set to 0, so the pid file ends up with mode 666.

This is a rather stupid idea and may well be a security issue.

-- System Information:
Debian Release: 7.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.9-0.bpo.1-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libproc-daemon-perl depends on:
ii  libproc-processtable-perl  0.45-6
ii  perl                       5.14.2-21+deb7u1

libproc-daemon-perl recommends no packages.

libproc-daemon-perl suggests no packages.

-- no debconf information

----- End forwarded message -----

Regards, Axel
--
 ,''`.  |  Axel Beckert <abe@debian.org>, http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
  `-    |  4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
From: pavel.a.denisov [...] gmail.com
While the patch from Debian fixes the security issue, it makes all other files created by a daemon unreadable for other users, which is unwanted in some cases. The attached patch fixes this problem.
Subject: perl-Proc-Daemon-restore-umask.patch
diff -crB lib.orig/Proc/Daemon.pm lib/Proc/Daemon.pm *** lib.orig/Proc/Daemon.pm 2013-12-18 10:13:31.000000000 -0400 --- lib/Proc/Daemon.pm 2014-12-18 14:14:43.358761046 -0400 *************** *** 152,157 **** --- 152,158 ---- die "Can't <chdir> to $self->{work_dir}: $!" unless chdir $self->{work_dir}; # Clear the file creation mask. + $self->{_orig_umask} = umask; umask 066; # Detach the child from the terminal (no controlling tty), make it the *************** *** 253,258 **** --- 254,261 ---- # potential damage later. } + # Restore the original file creation mask. + umask $self->{_orig_umask}; # Execute a system command and never return. if ( $exec_command ) {
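Review bot: in the first hunk (around line 152) the added `$self->{_orig_umask} = umask;` sits under the comment `# Clear the file creation mask.`, which describes neither the save nor the `umask 066` that follows it. Reword the comment to say that the inherited mask is saved and a restrictive one is set, so the later restore does not surprise the next reader.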
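Review bot: in the second hunk (around line 254) `umask $self->{_orig_umask};` hands whatever mask the caller had to the exec'd command and to the rest of the daemon, with no check on the value. If the caller ran with a mask of 0, files created after this point can be group- and world-writable again; consider documenting that callers are responsible for their own umask, and confirm that the pid file from the original report is created before this line, while `umask 066` is still in force.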
Released in version 0.15.
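
The effect described in the report and the save/restore approach from the attached patch, shown as an added example that is not code from this ticket or from Proc::Daemon. The helper write_pidfile, the file names and the caller mask 022 are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not Proc::Daemon code. All names and paths are constructed.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

# Create $path (requested mode 0666) while $mask is in force, then put the
# caller's umask back. Returns the permission bits the file ended up with.
sub write_pidfile {
    my ($path, $mask) = @_;
    my $orig = umask;               # save the inherited mask
    umask $mask;                    # mask used for the pid file only
    my $ok  = sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0666);
    my $err = $!;
    umask $orig;                    # restore on success and on failure
    die "Can't create $path: $err\n" unless $ok;
    print {$fh} "$$\n";
    close $fh or die "Can't close $path: $!\n";
    my $mode = (stat $path)[2] & 07777;
    return $mode;
}

my $dir = tempdir(CLEANUP => 1);    # constructed scratch directory
umask 022;                          # constructed mask of the calling process

my @cases = (
    [ 'mask0.pid',   0,   'umask 0, as reported' ],
    [ 'mask066.pid', 066, 'umask 066, as in the patch context' ],
);
for my $case (@cases) {
    my ($file, $mask, $label) = @$case;
    printf "%-36s pid file mode %04o\n", $label, write_pidfile("$dir/$file", $mask);
}

# Other files the daemon creates after the restore follow the caller's mask.
open(my $log, '>', "$dir/daemon.log") or die "Can't create log: $!\n";
close $log or die "Can't close log: $!\n";
my $log_mode = (stat "$dir/daemon.log")[2] & 07777;
printf "%-36s log file mode %04o\n", 'after restore, caller mask 022', $log_mode;
```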