]> git.koha-community.org Git - koha.git/commit
Bug 25481: Pass --user to start-stop-daemon when a pidfile is used
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Thu, 14 May 2020 14:04:20 +0000 (16:04 +0200)
committerJoy Nelson <joy@bywatersolutions.com>
Thu, 21 May 2020 20:43:06 +0000 (20:43 +0000)
commit403c2a4753db50897370442f907438357bc5f03b
tree345203c7b2c7aebf184982e13472c93d44b2a1c7
parent840b417890cdd341922cb3a086b08946bb96736d
Bug 25481: Pass --user to start-stop-daemon when a pidfile is used

Since D10, the behaviour of start-stop-daemon changed, see from its
manual:
"""
Warning:  using this match option with a world-writable pidfile or using it alone with a daemon that writes the pidfile as an unprivileged (non-root) user will be refused with an error (since
version 1.19.3) as this is a security risk, because either any user can write to it, or if the daemon gets compromised, the contents of the pidfile cannot be trusted, and  then  a  privileged
runner (such as an init script executed as root) would end up acting on any system process.  Using /dev/null is exempt from these checks.
"""

Test plan:
koha-plack --restart kohadev
should success with this patch.
Without this patch you get:
start-stop-daemon: matching only on non-root pidfile /var/run/koha/kohadev/plack.pid is insecure

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Joy Nelson <joy@bywatersolutions.com>
debian/scripts/koha-functions.sh
debian/scripts/koha-plack