Debian Bug report logs - #626281
pid file has wrong permissions

version graph

Package: keepalived; Maintainer for keepalived is Alexander Wirt <formorer@debian.org>; Source for keepalived is src:keepalived.

Reported by: Martin Zobel-Helas <zobel@debian.org>

Date: Tue, 10 May 2011 14:36:01 UTC

Severity: grave

Tags: security, squeeze, upstream

Found in version keepalived/1.1.12-1

Fixed in versions keepalived/1:1.2.2-2, keepalived/1:1.1.20-1+squeeze1

Done: Alexander Wirt <formorer@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, zobel@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Alexander Wirt <formorer@debian.org>:
Bug#626281; Package keepalived. (Tue, 10 May 2011 14:36:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Martin Zobel-Helas <zobel@debian.org>:
New Bug report received and forwarded. Copy sent to zobel@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Alexander Wirt <formorer@debian.org>. (Tue, 10 May 2011 14:36:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Martin Zobel-Helas <zobel@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: pid file has wrong permissions
Date: Tue, 10 May 2011 16:33:29 +0200
Package: keepalived
Version: 1.1.12-1
Severity: grave
Tags: security

Hi,

keepalive writes a public writeable pid file to /var/run

-rw-rw-rw-  1 root     root        5 2011-02-08 13:00 keepalived.pid

Cheers,
Martin


reference: http://lists.debian.org/05578BFF-44FC-41B3-9E8E-C11B5B9A6C11@gmail.com
-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.38-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- 
 Martin Zobel-Helas <zobel@debian.org>  | Debian System Administrator
 Debian & GNU/Linux Developer           |           Debian Listmaster
 GPG key http://go.debian.net/B11B627B  | 
 GPG Fingerprint:  6B18 5642 8E41 EC89 3D5D  BDBB 53B1 AC6D B11B 627B 




Information forwarded to debian-bugs-dist@lists.debian.org, Alexander Wirt <formorer@debian.org>:
Bug#626281; Package keepalived. (Tue, 10 May 2011 14:57:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to Yves-Alexis Perez <corsac@debian.org>:
Extra info received and forwarded to list. Copy sent to Alexander Wirt <formorer@debian.org>. (Tue, 10 May 2011 14:57:09 GMT) Full text and rfc822 format available.

Message #10 received at 626281@bugs.debian.org (full text, mbox):

From: Yves-Alexis Perez <corsac@debian.org>
To: oss-security@lists.openwall.com
Cc: Martin Zobel-Helas <zobel@debian.org>, 626281@bugs.debian.org
Subject: CVE request: keepalived pid file permissions issue
Date: Tue, 10 May 2011 16:55:25 +0200
Hey,

it was reported that keepalived (and some other daemons) store their pid
file with permission 666. A bug was opened for keepalived in Debian,
could a CVE be assigned to the issue?

Bug text was:

On mar., 2011-05-10 at 16:33 +0200, Martin Zobel-Helas wrote:
> Package: keepalived
> Version: 1.1.12-1
> Severity: grave
> Tags: security
> 
> Hi,
> 
> keepalive writes a public writeable pid file to /var/run
> 
> -rw-rw-rw-  1 root     root        5 2011-02-08 13:00 keepalived.pid
> 
> Cheers,
> Martin
> 
> 
> reference: http://lists.debian.org/05578BFF-44FC-41B3-9E8E-C11B5B9A6C11@gmail.com

Thanks,
-- 
Yves-Alexis





Added tag(s) upstream. Request was from Alexander Wirt <formorer@debian.org> to control@bugs.debian.org. (Tue, 10 May 2011 14:57:11 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#626281; Package keepalived. (Tue, 10 May 2011 15:03:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Alexander Wirt <formorer@debian.org>:
Extra info received and forwarded to list. (Tue, 10 May 2011 15:03:06 GMT) Full text and rfc822 format available.

Message #17 received at 626281@bugs.debian.org (full text, mbox):

From: Alexander Wirt <formorer@debian.org>
To: keepalived-devel@lists.sourceforge.net
Cc: 626281@bugs.debian.org
Subject: Security problem in keepalived's pid handling/daemonize code
Date: Tue, 10 May 2011 16:52:56 +0200
tag 626281 upstream
thanks

Hi, 

today I got a bugreport about a security problem in keepalived. It seems that
keepalived daemonize code explicitly sets umask(0) which leads to interesting
results:
-rw-rw-rw-  1 root   root      6 2010-11-24 00:12 keepalived.pid
-rw-rw-rw-  1 root     root        5 2011-02-08 13:00 keepalived.pid
-rw-rw-rw-  1 root     root        5 2011-02-08 13:00 vrrp.pid

Readwrite permissions to the pidfile of a daemon is a really bad idea. a
umask of 000 is probably never a good idea. So I think removing that lines
from keepalived/check/check_daemon.c, keepalived/core/daemon.c and
keepalived/vrrp/vrrp_daemon.c. 

Alex
-- 
Alexander Wirt, formorer@formorer.de 
CC99 2DDD D39E 75B0 B0AA  B25C D35B BC99 BC7D 020A




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#626281; Package keepalived. (Tue, 10 May 2011 15:18:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Alexander Wirt <formorer@debian.org>:
Extra info received and forwarded to list. (Tue, 10 May 2011 15:18:05 GMT) Full text and rfc822 format available.

Message #22 received at 626281@bugs.debian.org (full text, mbox):

From: Alexander Wirt <formorer@debian.org>
To: keepalived-devel@lists.sourceforge.net
Cc: 626281@bugs.debian.org
Subject: Re: [Keepalived-devel] Security problem in keepalived's pid handling/daemonize code
Date: Tue, 10 May 2011 17:15:06 +0200
Alexander Wirt schrieb am Dienstag, den 10. Mai 2011:

> tag 626281 upstream
> thanks
> 
> Hi, 
> 
> today I got a bugreport about a security problem in keepalived. It seems that
> keepalived daemonize code explicitly sets umask(0) which leads to interesting
> results:
> -rw-rw-rw-  1 root   root      6 2010-11-24 00:12 keepalived.pid
> -rw-rw-rw-  1 root     root        5 2011-02-08 13:00 keepalived.pid
> -rw-rw-rw-  1 root     root        5 2011-02-08 13:00 vrrp.pid
> 
> Readwrite permissions to the pidfile of a daemon is a really bad idea. a
> umask of 000 is probably never a good idea. So I think removing that lines
> from keepalived/check/check_daemon.c, keepalived/core/daemon.c and
> keepalived/vrrp/vrrp_daemon.c. 
After thinking a little bit longer about it, it maybe makes sense to clear a
users umask. But if this is the case, we should explicitly set permissions
for the pidfile (and take care we did that for every open..). 

Alex
-- 
Alexander Wirt, formorer@formorer.de 
CC99 2DDD D39E 75B0 B0AA  B25C D35B BC99 BC7D 020A




Information forwarded to debian-bugs-dist@lists.debian.org, Alexander Wirt <formorer@debian.org>:
Bug#626281; Package keepalived. (Tue, 10 May 2011 19:21:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Vincent Bernat <bernat@debian.org>:
Extra info received and forwarded to list. Copy sent to Alexander Wirt <formorer@debian.org>. (Tue, 10 May 2011 19:21:04 GMT) Full text and rfc822 format available.

Message #27 received at 626281@bugs.debian.org (full text, mbox):

From: Vincent Bernat <bernat@debian.org>
To: Alexander Wirt <formorer@debian.org>
Cc: 626281@bugs.debian.org, keepalived-devel@lists.sourceforge.net
Subject: Re: Bug#626281: Security problem in keepalived's pid handling/daemonize code
Date: Tue, 10 May 2011 21:09:38 +0200
[Message part 1 (text/plain, inline)]
OoO  Vers la  fin de  l'après-midi  du mardi  10 mai  2011, vers  16:52,
Alexander Wirt <formorer@debian.org> disait :

> today I got a bugreport about a security problem in keepalived. It seems that
> keepalived daemonize code explicitly sets umask(0) which leads to interesting
> results:
> -rw-rw-rw-  1 root   root      6 2010-11-24 00:12 keepalived.pid
> -rw-rw-rw-  1 root     root        5 2011-02-08 13:00 keepalived.pid
> -rw-rw-rw-  1 root     root        5 2011-02-08 13:00 vrrp.pid

> Readwrite permissions to the pidfile of a daemon is a really bad idea. a
> umask of 000 is probably never a good idea. So I think removing that lines
> from keepalived/check/check_daemon.c, keepalived/core/daemon.c and
> keepalived/vrrp/vrrp_daemon.c. 

Hi!

umask(0) is a classic way to daemonize a processus. See:
 http://www.unixguide.net/unix/programming/1.7.shtml

The problem  is with fopen()  that does not  allow to set a  mode. Maybe
we should use creat() before fopen()?
-- 
BOFH excuse #26:
first Saturday after first full moon in Winter
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Alexander Wirt <formorer@debian.org>:
Bug#626281; Package keepalived. (Tue, 10 May 2011 19:24:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Vincent Bernat <bernat@debian.org>:
Extra info received and forwarded to list. Copy sent to Alexander Wirt <formorer@debian.org>. (Tue, 10 May 2011 19:24:04 GMT) Full text and rfc822 format available.

Message #32 received at 626281@bugs.debian.org (full text, mbox):

From: Vincent Bernat <bernat@debian.org>
To: Alexander Wirt <formorer@debian.org>
Cc: 626281@bugs.debian.org, keepalived-devel@lists.sourceforge.net
Subject: Re: Bug#626281: [Keepalived-devel] Security problem in keepalived's pid handling/daemonize code
Date: Tue, 10 May 2011 21:21:32 +0200
[Message part 1 (text/plain, inline)]
OoO  Lors de  la soirée  naissante  du mardi  10 mai  2011, vers  17:15,
Alexander Wirt <formorer@debian.org> disait :

>> Readwrite permissions to the pidfile of a daemon is a really bad idea. a
>> umask of 000 is probably never a good idea. So I think removing that lines
>> from keepalived/check/check_daemon.c, keepalived/core/daemon.c and
>> keepalived/vrrp/vrrp_daemon.c. 
> After thinking a little bit longer about it, it maybe makes sense to clear a
> users umask. But if this is the case, we should explicitly set permissions
> for the pidfile (and take care we did that for every open..). 

Yes. Here is a patch. I have checked other invocations of open/fopen and
this was the sole invocation which was faulty.

[0001-Set-correct-rights-on-PID-file.patch (text/x-diff, inline)]
From 78aac2699469d610b5aa2f45dac4a30bd379938a Mon Sep 17 00:00:00 2001
From: Vincent Bernat <bernat@luffy.cx>
Date: Tue, 10 May 2011 21:17:22 +0200
Subject: [PATCH] Set correct rights on PID file.

This file was writable by anybody, leading to the possibility of
writing any PID an waiting for some admin to restart keepalived to
kill the process of your choice.
---
 keepalived/core/pidfile.c |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/keepalived/core/pidfile.c b/keepalived/core/pidfile.c
index 383912e..0c3ea33 100644
--- a/keepalived/core/pidfile.c
+++ b/keepalived/core/pidfile.c
@@ -20,6 +20,9 @@
  * Copyright (C) 2001-2011 Alexandre Cassen, <acassen@linux-vs.org>
  */
 
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
 #include "logger.h"
 #include "pidfile.h"
 extern char *main_pidfile;
@@ -30,7 +33,9 @@ extern char *vrrp_pidfile;
 int
 pidfile_write(char *pid_file, int pid)
 {
-	FILE *pidfile = fopen(pid_file, "w");
+	FILE *pidfile = NULL;
+	int pidfd = creat(pid_file, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+	if (pidfd != -1) pidfile = fdopen(pidfd, "w");
 
 	if (!pidfile) {
 		log_message(LOG_INFO, "pidfile_write : Can not open %s pidfile",
-- 
1.7.5.1

[Message part 3 (text/plain, inline)]
-- 
printk(KERN_ERR "msp3400: chip reset failed, penguin on i2c bus?\n");
	2.2.16 /usr/src/linux/drivers/char/msp3400.c
[Message part 4 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Alexander Wirt <formorer@debian.org>:
Bug#626281; Package keepalived. (Tue, 10 May 2011 19:27:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Alexander Wirt <formorer@formorer.de>:
Extra info received and forwarded to list. Copy sent to Alexander Wirt <formorer@debian.org>. (Tue, 10 May 2011 19:27:06 GMT) Full text and rfc822 format available.

Message #37 received at 626281@bugs.debian.org (full text, mbox):

From: Alexander Wirt <formorer@formorer.de>
To: Vincent Bernat <bernat@debian.org>
Cc: 626281@bugs.debian.org, keepalived-devel@lists.sourceforge.net
Subject: Re: Bug#626281: Security problem in keepalived's pid handling/daemonize code
Date: Tue, 10 May 2011 21:16:41 +0200
Vincent Bernat schrieb am Tuesday, den 10. May 2011:

> OoO  Vers la  fin de  l'après-midi  du mardi  10 mai  2011, vers  16:52,
> Alexander Wirt <formorer@debian.org> disait :
> 
> > today I got a bugreport about a security problem in keepalived. It seems that
> > keepalived daemonize code explicitly sets umask(0) which leads to interesting
> > results:
> > -rw-rw-rw-  1 root   root      6 2010-11-24 00:12 keepalived.pid
> > -rw-rw-rw-  1 root     root        5 2011-02-08 13:00 keepalived.pid
> > -rw-rw-rw-  1 root     root        5 2011-02-08 13:00 vrrp.pid
> 
> > Readwrite permissions to the pidfile of a daemon is a really bad idea. a
> umask(0) is a classic way to daemonize a processus. See:
>  http://www.unixguide.net/unix/programming/1.7.shtml
Yeah, but in days of defensive programming you normally prevent such things. I
haven't checked other files, but everything that uses fopen creates files
with 666. We should be permissive by default. 
> 
> The problem  is with fopen()  that does not  allow to set a  mode. Maybe
> we should use creat() before fopen()?
Sure that would work, but we should also check every fopen call so see if we
have other problems. 

Alex





Information forwarded to debian-bugs-dist@lists.debian.org, Alexander Wirt <formorer@debian.org>:
Bug#626281; Package keepalived. (Tue, 10 May 2011 19:30:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Vincent Bernat <bernat@debian.org>:
Extra info received and forwarded to list. Copy sent to Alexander Wirt <formorer@debian.org>. (Tue, 10 May 2011 19:30:03 GMT) Full text and rfc822 format available.

Message #42 received at 626281@bugs.debian.org (full text, mbox):

From: Vincent Bernat <bernat@debian.org>
To: Alexander Wirt <formorer@formorer.de>
Cc: 626281@bugs.debian.org, keepalived-devel@lists.sourceforge.net
Subject: Re: Bug#626281: Security problem in keepalived's pid handling/daemonize code
Date: Tue, 10 May 2011 21:27:21 +0200
[Message part 1 (text/plain, inline)]
OoO En  ce début de soirée du  mardi 10 mai 2011,  vers 21:16, Alexander
Wirt <formorer@formorer.de> disait :

>> > Readwrite permissions to the pidfile of a daemon is a really bad idea. a
>> umask(0) is a classic way to daemonize a processus. See:
>> http://www.unixguide.net/unix/programming/1.7.shtml
> Yeah, but in days of defensive programming you normally prevent such things. I
> haven't checked other files, but everything that uses fopen creates files
> with 666. We should be permissive by default. 

I honestly don't know what is  the drawback of using umask(022). You may
break some user  scripts launched by keepalived that  could write a file
(as  root)  which was  then  modified by  a  non-root  process. This  is
difficult to imagine. :)
-- 
panic("Aarggh: attempting to free lock with active wait queue - shoot Andy");
	2.0.38 /usr/src/linux/fs/locks.c
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Alexander Wirt <formorer@debian.org>:
Bug#626281; Package keepalived. (Mon, 16 May 2011 20:24:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Josh Bressers <bressers@redhat.com>:
Extra info received and forwarded to list. Copy sent to Alexander Wirt <formorer@debian.org>. (Mon, 16 May 2011 20:24:05 GMT) Full text and rfc822 format available.

Message #47 received at 626281@bugs.debian.org (full text, mbox):

From: Josh Bressers <bressers@redhat.com>
To: oss-security@lists.openwall.com
Cc: Martin Zobel-Helas <zobel@debian.org>, 626281@bugs.debian.org, coley <coley@mitre.org>
Subject: Re: [oss-security] CVE request: keepalived pid file permissions issue
Date: Mon, 16 May 2011 15:37:13 -0400 (EDT)
Please use CVE-2011-1784 for this.

Thanks.

-- 
    JB

----- Original Message -----
> Hey,
> 
> it was reported that keepalived (and some other daemons) store their
> pid
> file with permission 666. A bug was opened for keepalived in Debian,
> could a CVE be assigned to the issue?
> 
> Bug text was:
> 
> On mar., 2011-05-10 at 16:33 +0200, Martin Zobel-Helas wrote:
> > Package: keepalived
> > Version: 1.1.12-1
> > Severity: grave
> > Tags: security
> >
> > Hi,
> >
> > keepalive writes a public writeable pid file to /var/run
> >
> > -rw-rw-rw- 1 root root 5 2011-02-08 13:00 keepalived.pid
> >
> > Cheers,
> > Martin
> >
> >
> > reference:
> > http://lists.debian.org/05578BFF-44FC-41B3-9E8E-C11B5B9A6C11@gmail.com
> 
> Thanks,
> --
> Yves-Alexis




Information forwarded to debian-bugs-dist@lists.debian.org, Alexander Wirt <formorer@debian.org>:
Bug#626281; Package keepalived. (Mon, 07 Nov 2011 19:33:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Alexander Wirt <formorer@debian.org>. (Mon, 07 Nov 2011 19:33:03 GMT) Full text and rfc822 format available.

Message #52 received at 626281@bugs.debian.org (full text, mbox):

From: Moritz Mühlenhoff <jmm@inutil.org>
To: Vincent Bernat <bernat@debian.org>
Cc: Alexander Wirt <formorer@debian.org>, 626281@bugs.debian.org, keepalived-devel@lists.sourceforge.net
Subject: Re: Bug#626281: [Keepalived-devel] Security problem in keepalived's pid handling/daemonize code
Date: Mon, 7 Nov 2011 20:32:35 +0100
On Tue, May 10, 2011 at 09:21:32PM +0200, Vincent Bernat wrote:
> OoO  Lors de  la soirée  naissante  du mardi  10 mai  2011, vers  17:15,
> Alexander Wirt <formorer@debian.org> disait :
> 
> >> Readwrite permissions to the pidfile of a daemon is a really bad idea. a
> >> umask of 000 is probably never a good idea. So I think removing that lines
> >> from keepalived/check/check_daemon.c, keepalived/core/daemon.c and
> >> keepalived/vrrp/vrrp_daemon.c. 
> > After thinking a little bit longer about it, it maybe makes sense to clear a
> > users umask. But if this is the case, we should explicitly set permissions
> > for the pidfile (and take care we did that for every open..). 
> 
> Yes. Here is a patch. I have checked other invocations of open/fopen and
> this was the sole invocation which was faulty.

What's the status? It's been nearly half a year.

Cheers,
        Moritz




Information forwarded to debian-bugs-dist@lists.debian.org, Alexander Wirt <formorer@debian.org>:
Bug#626281; Package keepalived. (Mon, 07 Nov 2011 19:45:28 GMT) Full text and rfc822 format available.

Acknowledgement sent to Alexander Wirt <formorer@formorer.de>:
Extra info received and forwarded to list. Copy sent to Alexander Wirt <formorer@debian.org>. (Mon, 07 Nov 2011 19:45:28 GMT) Full text and rfc822 format available.

Message #57 received at 626281@bugs.debian.org (full text, mbox):

From: Alexander Wirt <formorer@formorer.de>
To: Moritz Mühlenhoff <jmm@inutil.org>, 626281@bugs.debian.org
Cc: Vincent Bernat <bernat@debian.org>, keepalived-devel@lists.sourceforge.net
Subject: Re: Bug#626281: [Keepalived-devel] Security problem in keepalived's pid handling/daemonize code
Date: Mon, 7 Nov 2011 20:36:53 +0100
Moritz Mühlenhoff schrieb am Monday, den 07. November 2011:

> On Tue, May 10, 2011 at 09:21:32PM +0200, Vincent Bernat wrote:
> > OoO  Lors de  la soirée  naissante  du mardi  10 mai  2011, vers  17:15,
> > Alexander Wirt <formorer@debian.org> disait :
> > 
> > >> Readwrite permissions to the pidfile of a daemon is a really bad idea. a
> > >> umask of 000 is probably never a good idea. So I think removing that lines
> > >> from keepalived/check/check_daemon.c, keepalived/core/daemon.c and
> > >> keepalived/vrrp/vrrp_daemon.c. 
> > > After thinking a little bit longer about it, it maybe makes sense to clear a
> > > users umask. But if this is the case, we should explicitly set permissions
> > > for the pidfile (and take care we did that for every open..). 
> > 
> > Yes. Here is a patch. I have checked other invocations of open/fopen and
> > this was the sole invocation which was faulty.
> 
> What's the status? It's been nearly half a year.
Ah, there was something. I hoped upstream would catch this up, unfortunatly
that never happened. So I have to apply the patch on my own :(. I will do an
upload later or tomorrow.

Alex





Information forwarded to debian-bugs-dist@lists.debian.org, Alexander Wirt <formorer@debian.org>:
Bug#626281; Package keepalived. (Mon, 07 Nov 2011 20:06:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Vincent Bernat <bernat@debian.org>:
Extra info received and forwarded to list. Copy sent to Alexander Wirt <formorer@debian.org>. (Mon, 07 Nov 2011 20:06:03 GMT) Full text and rfc822 format available.

Message #62 received at 626281@bugs.debian.org (full text, mbox):

From: Vincent Bernat <bernat@debian.org>
To: Alexander Wirt <formorer@formorer.de>
Cc: Moritz Mühlenhoff <jmm@inutil.org>, 626281@bugs.debian.org, keepalived-devel@lists.sourceforge.net
Subject: Re: Bug#626281: [Keepalived-devel] Security problem in keepalived's pid handling/daemonize code
Date: Mon, 07 Nov 2011 21:05:09 +0100
[Message part 1 (text/plain, inline)]
OoO Pendant le  journal télévisé du lundi 07  novembre 2011, vers 20:36,
Alexander Wirt <formorer@formorer.de> disait :

> Ah, there was something. I hoped upstream would catch this up, unfortunatly
> that never happened. So I have to apply the patch on my own :(. I will do an
> upload later or tomorrow.

I think the fix  will be in the next version of  keepalived. It is in my
fixes branch. But I don't know  when the next version of keepalived will
be released.
-- 
Vincent Bernat ☯ http://vincent.bernat.im

panic("kmem_cache_init(): Offsets are wrong - I've been messed with!");
	2.2.16 /usr/src/linux/mm/slab.c
[Message part 2 (application/pgp-signature, inline)]

Added tag(s) pending. Request was from Alexander Wirt <formorer@debian.org> to control@bugs.debian.org. (Wed, 09 Nov 2011 20:27:06 GMT) Full text and rfc822 format available.

Reply sent to Alexander Wirt <formorer@debian.org>:
You have taken responsibility. (Thu, 10 Nov 2011 07:48:07 GMT) Full text and rfc822 format available.

Notification sent to Martin Zobel-Helas <zobel@debian.org>:
Bug acknowledged by developer. (Thu, 10 Nov 2011 07:48:08 GMT) Full text and rfc822 format available.

Message #69 received at 626281-close@bugs.debian.org (full text, mbox):

From: Alexander Wirt <formorer@debian.org>
To: 626281-close@bugs.debian.org
Subject: Bug#626281: fixed in keepalived 1:1.2.2-2
Date: Thu, 10 Nov 2011 07:47:10 +0000
Source: keepalived
Source-Version: 1:1.2.2-2

We believe that the bug you reported is fixed in the latest version of
keepalived, which is due to be installed in the Debian FTP archive:

keepalived_1.2.2-2.diff.gz
  to main/k/keepalived/keepalived_1.2.2-2.diff.gz
keepalived_1.2.2-2.dsc
  to main/k/keepalived/keepalived_1.2.2-2.dsc
keepalived_1.2.2-2_amd64.deb
  to main/k/keepalived/keepalived_1.2.2-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 626281@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alexander Wirt <formorer@debian.org> (supplier of updated keepalived package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 10 Nov 2011 08:38:47 +0100
Source: keepalived
Binary: keepalived
Architecture: source amd64
Version: 1:1.2.2-2
Distribution: unstable
Urgency: low
Maintainer: Alexander Wirt <formorer@debian.org>
Changed-By: Alexander Wirt <formorer@debian.org>
Description: 
 keepalived - Failover and monitoring daemon for LVS clusters
Closes: 626281
Changes: 
 keepalived (1:1.2.2-2) unstable; urgency=low
 .
   * [9db4134] Fix override disparity
   * [8f0c721] Remove obsolete patch
   * [897c0a0] Set correct permissions on pid file.
     This is a fix for CVE-2011-1784.
     (Closes: #626281)
   * [5ab4b8d] Don't use modprobe -k.
     Thanks to Sven Ulland for the patch
   * [c87fe40] Add vcs headers to control file
   * [8107104] Bump standards version - no changes
Checksums-Sha1: 
 e72fb11cf6fd4a945faadd0f5a8b880f83509a2d 1195 keepalived_1.2.2-2.dsc
 ccd607f0f59dca110c9334fe3507d390d5e5ed05 13932 keepalived_1.2.2-2.diff.gz
 1595fdfefc244284edc1b565c132aaa789c39041 128088 keepalived_1.2.2-2_amd64.deb
Checksums-Sha256: 
 1cf6cf1ee980cbcb166d2b84169a5c26ba88d365f5fd12e9799eaaaf9a805d1e 1195 keepalived_1.2.2-2.dsc
 61afa84705b75137082ce1aa4b28cdf8bb70631554fca06b866423c2e365a5d2 13932 keepalived_1.2.2-2.diff.gz
 9e0f0792283e7f85f1dbf92c142148318144700026ebb44a5e8a162a59a3c00d 128088 keepalived_1.2.2-2_amd64.deb
Files: 
 e0b6bddb9625419c605035ec6b81277f 1195 admin extra keepalived_1.2.2-2.dsc
 dfcc5a684278bafde8926036f2d902a7 13932 admin extra keepalived_1.2.2-2.diff.gz
 a65f3473064340f3ad6ffa3dc3d76739 128088 admin extra keepalived_1.2.2-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk67gGYACgkQ01u8mbx9AgodCACfSFQQYgUePg3ZRQMpST4M7lmr
gqUAoLlC0F4sYobEZcVH1/AzXVyJmgXq
=UL/V
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, Alexander Wirt <formorer@debian.org>:
Bug#626281; Package keepalived. (Fri, 09 Dec 2011 14:45:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to grove@one.com:
Extra info received and forwarded to list. Copy sent to Alexander Wirt <formorer@debian.org>. (Fri, 09 Dec 2011 14:45:03 GMT) Full text and rfc822 format available.

Message #74 received at 626281@bugs.debian.org (full text, mbox):

From: Henrik Christian Grove <grove@one.com>
To: 626281@bugs.debian.org
Subject: What about squeeze?
Date: Fri, 09 Dec 2011 15:40:42 +0100
This is a security problem present in squeeze, shouldn't we get a
security update?






Information forwarded to debian-bugs-dist@lists.debian.org, Alexander Wirt <formorer@debian.org>:
Bug#626281; Package keepalived. (Fri, 09 Dec 2011 15:09:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Alexander Wirt <formorer@formorer.de>:
Extra info received and forwarded to list. Copy sent to Alexander Wirt <formorer@debian.org>. (Fri, 09 Dec 2011 15:09:07 GMT) Full text and rfc822 format available.

Message #79 received at 626281@bugs.debian.org (full text, mbox):

From: Alexander Wirt <formorer@formorer.de>
To: grove@one.com, 626281@bugs.debian.org
Subject: Re: Bug#626281: What about squeeze?
Date: Fri, 9 Dec 2011 15:58:23 +0100
Henrik Christian Grove schrieb am Friday, den 09. December 2011:

> 
> This is a security problem present in squeeze, shouldn't we get a
> security update?
The security team already said that this problem does not warant a security
update. So I will try to get it into next stable update.

Alex





Information forwarded to debian-bugs-dist@lists.debian.org, Alexander Wirt <formorer@debian.org>:
Bug#626281; Package keepalived. (Wed, 21 Dec 2011 18:03:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jonathan Wiltshire <jmw@debian.org>:
Extra info received and forwarded to list. Copy sent to Alexander Wirt <formorer@debian.org>. (Wed, 21 Dec 2011 18:03:03 GMT) Full text and rfc822 format available.

Message #84 received at 626281@bugs.debian.org (full text, mbox):

From: Jonathan Wiltshire <jmw@debian.org>
To: 626281@bugs.debian.org
Subject: pid file has wrong permissions
Date: Wed, 21 Dec 2011 18:00:06 +0000 (GMT)
Dear maintainer,

Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:

squeeze (6.0.4) 	- use target "stable"
lenny (5.0.10) 	- use target "oldstable"

Please prepare a minimal-changes upload targetting each of these suites,
and submit a debdiff to the Release Team [0] for consideration. They will
offer additional guidance or instruct you to upload your package.

I will happily assist you at any stage if the patch is straightforward and
you need help. Please keep me in CC at all times so I can
track the progress of this request.

For details of this process and the rationale, please see the original
announcement [1] and my blog post [2].

0: debian-release@lists.debian.org
1: <201101232332.11736.thijs@debian.org>
2: http://deb.li/prsc

Thanks,

with his security hat on:
--
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51




Added tag(s) squeeze. Request was from Jonathan Wiltshire <jmw@debian.org> to control@bugs.debian.org. (Wed, 21 Dec 2011 18:03:09 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Alexander Wirt <formorer@debian.org>:
Bug#626281; Package keepalived. (Wed, 21 Dec 2011 21:22:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Alexander Wirt <formorer@formorer.de>:
Extra info received and forwarded to list. Copy sent to Alexander Wirt <formorer@debian.org>. (Wed, 21 Dec 2011 21:22:04 GMT) Full text and rfc822 format available.

Message #91 received at 626281@bugs.debian.org (full text, mbox):

From: Alexander Wirt <formorer@formorer.de>
To: Jonathan Wiltshire <jmw@debian.org>, 626281@bugs.debian.org
Subject: Re: Bug#626281: pid file has wrong permissions
Date: Wed, 21 Dec 2011 22:00:13 +0100
Jonathan Wiltshire schrieb am Wednesday, den 21. December 2011:

> Dear maintainer,
> 
> Recently you fixed one or more security problems and as a result you closed
> this bug. These problems were not serious enough for a Debian Security
> Advisory, so they are now on my radar for fixing in the following suites
> through point releases:
> 
> squeeze (6.0.4) 	- use target "stable"
> lenny (5.0.10) 	- use target "oldstable"
> 
> Please prepare a minimal-changes upload targetting each of these suites,
> and submit a debdiff to the Release Team [0] for consideration. They will
> offer additional guidance or instruct you to upload your package.
Sure, tomorrow is my birthday, but I should be able to do this on friday.

Alex
 




Information forwarded to debian-bugs-dist@lists.debian.org, Alexander Wirt <formorer@debian.org>:
Bug#626281; Package keepalived. (Sun, 18 Mar 2012 21:33:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jonathan Wiltshire <jmw@debian.org>:
Extra info received and forwarded to list. Copy sent to Alexander Wirt <formorer@debian.org>. (Sun, 18 Mar 2012 21:33:06 GMT) Full text and rfc822 format available.

Message #96 received at 626281@bugs.debian.org (full text, mbox):

From: Jonathan Wiltshire <jmw@debian.org>
To: Alexander Wirt <formorer@formorer.de>, 626281@bugs.debian.org
Subject: Re: Bug#626281: pid file has wrong permissions
Date: Sun, 18 Mar 2012 21:32:29 +0000
[Message part 1 (text/plain, inline)]
Hi Alex,

On Wed, Dec 21, 2011 at 10:00:13PM +0100, Alexander Wirt wrote:
> Jonathan Wiltshire schrieb am Wednesday, den 21. December 2011:
> > Please prepare a minimal-changes upload targetting each of these suites,
> > and submit a debdiff to the Release Team [0] for consideration. They will
> > offer additional guidance or instruct you to upload your package.
> Sure, tomorrow is my birthday, but I should be able to do this on friday.

Any progress with this fix for squeeze?

Thanks

-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

<directhex> i have six years of solaris sysadmin experience, from
            8->10. i am well qualified to say it is made from bonghits
			layered on top of bonghits
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Alexander Wirt <formorer@debian.org>:
Bug#626281; Package keepalived. (Sun, 18 Mar 2012 21:48:11 GMT) Full text and rfc822 format available.

Acknowledgement sent to Alexander Wirt <formorer@formorer.de>:
Extra info received and forwarded to list. Copy sent to Alexander Wirt <formorer@debian.org>. (Sun, 18 Mar 2012 21:48:12 GMT) Full text and rfc822 format available.

Message #101 received at 626281@bugs.debian.org (full text, mbox):

From: Alexander Wirt <formorer@formorer.de>
To: Jonathan Wiltshire <jmw@debian.org>
Cc: 626281@bugs.debian.org
Subject: Re: Bug#626281: pid file has wrong permissions
Date: Sun, 18 Mar 2012 22:38:19 +0100
[Message part 1 (text/plain, inline)]
Jonathan Wiltshire schrieb am Sunday, den 18. March 2012:

> Hi Alex,
> 
> On Wed, Dec 21, 2011 at 10:00:13PM +0100, Alexander Wirt wrote:
> > Jonathan Wiltshire schrieb am Wednesday, den 21. December 2011:
> > > Please prepare a minimal-changes upload targetting each of these suites,
> > > and submit a debdiff to the Release Team [0] for consideration. They will
> > > offer additional guidance or instruct you to upload your package.
> > Sure, tomorrow is my birthday, but I should be able to do this on friday.
> 
> Any progress with this fix for squeeze?
ugh. I need a time machine. Give me a few minutes. 

Alex

[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Alexander Wirt <formorer@debian.org>:
Bug#626281; Package keepalived. (Sun, 18 Mar 2012 22:39:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Alexander Wirt <formorer@formorer.de>:
Extra info received and forwarded to list. Copy sent to Alexander Wirt <formorer@debian.org>. (Sun, 18 Mar 2012 22:39:07 GMT) Full text and rfc822 format available.

Message #106 received at 626281@bugs.debian.org (full text, mbox):

From: Alexander Wirt <formorer@formorer.de>
To: Jonathan Wiltshire <jmw@debian.org>
Cc: 626281@bugs.debian.org
Subject: Re: Bug#626281: pid file has wrong permissions
Date: Sun, 18 Mar 2012 23:25:20 +0100
[Message part 1 (text/plain, inline)]
Jonathan Wiltshire schrieb am Sunday, den 18. March 2012:

> Hi Alex,
> 
> On Wed, Dec 21, 2011 at 10:00:13PM +0100, Alexander Wirt wrote:
> > Jonathan Wiltshire schrieb am Wednesday, den 21. December 2011:
> > > Please prepare a minimal-changes upload targetting each of these suites,
> > > and submit a debdiff to the Release Team [0] for consideration. They will
> > > offer additional guidance or instruct you to upload your package.
> > Sure, tomorrow is my birthday, but I should be able to do this on friday.
> 
> Any progress with this fix for squeeze?
jtfr: update prepared and requested on debian-release.

thanks for the hint
Alex
[Message part 2 (application/pgp-signature, inline)]

Reply sent to Alexander Wirt <formorer@debian.org>:
You have taken responsibility. (Sat, 24 Mar 2012 17:36:04 GMT) Full text and rfc822 format available.

Notification sent to Martin Zobel-Helas <zobel@debian.org>:
Bug acknowledged by developer. (Sat, 24 Mar 2012 17:36:04 GMT) Full text and rfc822 format available.

Message #111 received at 626281-close@bugs.debian.org (full text, mbox):

From: Alexander Wirt <formorer@debian.org>
To: 626281-close@bugs.debian.org
Subject: Bug#626281: fixed in keepalived 1:1.1.20-1+squeeze1
Date: Sat, 24 Mar 2012 17:32:08 +0000
Source: keepalived
Source-Version: 1:1.1.20-1+squeeze1

We believe that the bug you reported is fixed in the latest version of
keepalived, which is due to be installed in the Debian FTP archive:

keepalived_1.1.20-1+squeeze1.diff.gz
  to main/k/keepalived/keepalived_1.1.20-1+squeeze1.diff.gz
keepalived_1.1.20-1+squeeze1.dsc
  to main/k/keepalived/keepalived_1.1.20-1+squeeze1.dsc
keepalived_1.1.20-1+squeeze1_amd64.deb
  to main/k/keepalived/keepalived_1.1.20-1+squeeze1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 626281@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alexander Wirt <formorer@debian.org> (supplier of updated keepalived package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 18 Mar 2012 21:56:09 +0000
Source: keepalived
Binary: keepalived
Architecture: source amd64
Version: 1:1.1.20-1+squeeze1
Distribution: stable
Urgency: low
Maintainer: Alexander Wirt <formorer@debian.org>
Changed-By: Alexander Wirt <formorer@debian.org>
Description: 
 keepalived - Failover and monitoring daemon for LVS clusters
Closes: 626281
Changes: 
 keepalived (1:1.1.20-1+squeeze1) stable; urgency=low
 .
   * Set correct permissions on pid file.
     This is a fix for CVE-2011-1784.
     (Closes: #626281)
Checksums-Sha1: 
 30f1b39facb5363d2c47e10c66ecb9ce169e0622 1074 keepalived_1.1.20-1+squeeze1.dsc
 905067c86120c12b68290f7167c8a0e7de5cdc5b 14351 keepalived_1.1.20-1+squeeze1.diff.gz
 d6ae57f238d0e0c714ef204143c52f42781ab100 143674 keepalived_1.1.20-1+squeeze1_amd64.deb
Checksums-Sha256: 
 ee87c79ce49601f45dd3d06132f942ad1bdee09835a13f63b80070aefe91b534 1074 keepalived_1.1.20-1+squeeze1.dsc
 68672c746c50b561e0007eca48f4c0701b54c8c3a6a62e6ed47b7abddde5c397 14351 keepalived_1.1.20-1+squeeze1.diff.gz
 51bb9048b0e5bf1170dc722a9f8cbaf2062d13e46e7de387417645e3bf273d7c 143674 keepalived_1.1.20-1+squeeze1_amd64.deb
Files: 
 945c0a54182bc88e990d9e2232d414f2 1074 admin optional keepalived_1.1.20-1+squeeze1.dsc
 701e26a9dda5a494d106d8a82cb3c2cb 14351 admin optional keepalived_1.1.20-1+squeeze1.diff.gz
 e37ad1950af11659737cc2f53d910d28 143674 admin optional keepalived_1.1.20-1+squeeze1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAk9t4C0ACgkQ01u8mbx9AgoQOwCfVAuXrU1JhLlpbOM42j+ocbfL
JmEAnRBYgJEd81+nQejWP96p1hVB2mxH
=qcck
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 11 Jun 2012 07:55:23 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 00:19:54 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.