[pkg-bacula-commits] [bacula] 01/02: Mitigate CVE 2017-14610 by having daemons drop privileges themselves (SysV-Init)
Sven Hartge
hartge-guest at moszumanska.debian.org
Mon Oct 16 17:03:52 UTC 2017
This is an automated email from the git hooks/post-receive script.
hartge-guest pushed a commit to branch stretch
in repository bacula.
commit 0360ba83fca5a63272b2cb7c123cb018265b8fa4
Author: Sven Hartge <sven at svenhartge.de>
Date: Mon Oct 16 18:59:59 2017 +0200
Mitigate CVE 2017-14610 by having daemons drop privileges themselves (SysV-Init)
This change effectively reverts the changes made in
http://www.bacula.org/git/cgit.cgi/bacula/commit/?h=Branch-7.4&id=3924012940114148be0ef565e6d979597f9a27d1
to fix being unable to get automatic backtraces on crash.
Unfortunately with the current code base it is not possible to have
both: automatic backtraces *and* secure PID files.
---
debian/bacula-director.init | 2 +-
debian/bacula-fd.init | 2 +-
debian/bacula-sd.init | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/debian/bacula-director.init b/debian/bacula-director.init
index 8ac7c36..89cfbe6 100644
--- a/debian/bacula-director.init
+++ b/debian/bacula-director.init
@@ -67,7 +67,7 @@ do_start()
{
if $DAEMON -u $BUSER -g $BGROUP -t -c $CONFIG > /dev/null 2>&1; then
start-stop-daemon --start --quiet --pidfile $PIDFILE \
- --oknodo --exec $DAEMON --chuid $BUSER:$BGROUP -- -c $CONFIG
+ --oknodo --exec $DAEMON -- -u $BUSER -g $BGROUP -c $CONFIG
return 0
else
log_progress_msg "- the configtest"
diff --git a/debian/bacula-fd.init b/debian/bacula-fd.init
index 649b9cc..698e4ea 100644
--- a/debian/bacula-fd.init
+++ b/debian/bacula-fd.init
@@ -54,7 +54,7 @@ do_start()
{
if $DAEMON -u $BUSER -g $BGROUP -t -c $CONFIG > /dev/null 2>&1; then
start-stop-daemon --start --quiet --pidfile $PIDFILE \
- --oknodo --exec $DAEMON --chuid $BUSER:$BGROUP -- -c $CONFIG
+ --oknodo --exec $DAEMON -- -u $BUSER -g $BGROUP -c $CONFIG
return 0
else
log_progress_msg "- the configtest"
diff --git a/debian/bacula-sd.init b/debian/bacula-sd.init
index 47c3d07..e386384 100644
--- a/debian/bacula-sd.init
+++ b/debian/bacula-sd.init
@@ -53,7 +53,7 @@ do_start()
{
if $DAEMON -g $BUSER -g $BGROUP -t -c $CONFIG > /dev/null 2>&1; then
start-stop-daemon --start --quiet --pidfile $PIDFILE \
- --oknodo --exec $DAEMON --chuid $BUSER:$BGROUP -- -c $CONFIG
+ --oknodo --exec $DAEMON -- -g $BUSER -g $BGROUP -c $CONFIG
return 0
else
log_progress_msg "- the configtest"
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-bacula/bacula.git
More information about the pkg-bacula-commits
mailing list