Debian Bug report logs - #72215
Danted does not write danted.pid since does not have permissions

version graph

Package: dante-server; Maintainer for dante-server is Peter Pentchev <roam@ringlet.net>; Source for dante-server is src:dante.

Reported by: Simon Huggins <shuggins@axialys.net>

Date: Fri, 22 Sep 2000 07:49:25 UTC

Severity: normal

Found in versions 1.1.2-2, 1.1.10-1

Fixed in version dante/1.1.11.12p1-4

Done: Adrian Bridgett <bridgett@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Adrian Bridgett <bridgett@debian.org>:
Bug#72215; Package dante-server. Full text and rfc822 format available.

Acknowledgement sent to Simon Huggins <shuggins@axialys.net>:
New Bug report received and forwarded. Copy sent to Adrian Bridgett <bridgett@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Simon Huggins <shuggins@axialys.net>
To: submit@bugs.debian.org
Subject: Danted does not write danted.pid since does not have permissions
Date: Fri, 22 Sep 2000 09:40:48 +0200
Package: dante-server
Version: 1.1.2-2

Danted cannot write to /var/run/danted.pid and thus generates error
messages to this effect.

(This wasn't the reason it wasn't working for us that was my own luser
stupidity, but I noticed this at the same time)

Simon.

-- 
After a number of decimal places, nobody gives a damn.                      



Information forwarded to dante-bugs@inet.no, Adrian Bridgett <bridgett@debian.org>:
Bug#72215; Package dante-server. Full text and rfc822 format available.

Acknowledgement sent to Andreas Voegele <voegelas@users.sourceforge.net>:
Extra info received and forwarded to maintainer. Copy sent to dante-bugs@inet.no, Adrian Bridgett <bridgett@debian.org>. Full text and rfc822 format available.

Message #10 received at 72215-maintonly@bugs.debian.org (full text, mbox):

From: Andreas Voegele <voegelas@users.sourceforge.net>
To: 72215-maintonly@bugs.debian.org
Subject: Re: Danted does not write danted.pid since does not have permissions [patch]
Date: 10 Mar 2001 17:54:56 +0100
[Message part 1 (text/plain, inline)]
Simon Huggins <shuggins@axialys.net> wrote:

> Danted cannot write to /var/run/danted.pid and thus generates error
> messages to this effect.

If the option "user.privileged: proxy" is used the Dante server cannot
write to /var/run/danted.pid on Debian systems since the permissions,
owner and group of /var/run are:

drwxr-xr-x    7 root     root         1024 Mar 10 16:48 /var/run/

The attached patch fixes this problem.  The additional code switches
the uid to 0 if the pid file cannot be opened with the uid specified
by user.privileged:

	socks_seteuid(NULL, config.uid.privileged);
	if ((fp = fopen(SOCKD_PIDFILE, "w")) == NULL) {
		socks_seteuid(NULL, 0);
		if ((fp = fopen(SOCKD_PIDFILE, "w")) == NULL) {
			swarn("open(%s)", SOCKD_PIDFILE);
			errno = 0;
		}
	}
	socks_seteuid(NULL, config.uid.unprivileged);

I don't think that the temporary switch to uid 0 is dangerous.

[sockd.c.diff (text/x-patch, attachment)]

Information forwarded to Adrian Bridgett <bridgett@debian.org>:
Bug#72215; Package dante-server. Full text and rfc822 format available.

Acknowledgement sent to Michael Shuldman <michaels@inet.no>:
Extra info received and forwarded to maintainer. Copy sent to Adrian Bridgett <bridgett@debian.org>. Full text and rfc822 format available.

Message #15 received at 72215-maintonly@bugs.debian.org (full text, mbox):

From: Michael Shuldman <michaels@inet.no>
To: Andreas Voegele <voegelas@users.sourceforge.net>
Cc: 72215-maintonly@bugs.debian.org
Subject: Re: Bug#72215: Danted does not write danted.pid since does not have permissions [patch]
Date: Sun, 11 Mar 2001 15:11:04 +0100
Andreas Voegele wrote,
> Simon Huggins <shuggins@axialys.net> wrote:
> 
> > Danted cannot write to /var/run/danted.pid and thus generates error
> > messages to this effect.
> 
> If the option "user.privileged: proxy" is used the Dante server cannot
> write to /var/run/danted.pid on Debian systems since the permissions,
> owner and group of /var/run are:
> 
> drwxr-xr-x    7 root     root         1024 Mar 10 16:48 /var/run/
> 
> The attached patch fixes this problem.  The additional code switches
> the uid to 0 if the pid file cannot be opened with the uid specified
> by user.privileged:
> 
> 	socks_seteuid(NULL, config.uid.privileged);
> 	if ((fp = fopen(SOCKD_PIDFILE, "w")) == NULL) {
> 		socks_seteuid(NULL, 0);
> 		if ((fp = fopen(SOCKD_PIDFILE, "w")) == NULL) {
> 			swarn("open(%s)", SOCKD_PIDFILE);
> 			errno = 0;
> 		}
> 	}
> 	socks_seteuid(NULL, config.uid.unprivileged);
> 
> I don't think that the temporary switch to uid 0 is dangerous.

I think this is wrong.  Rather the user should create the pidfile
(once, e.g. when installing Dante) with the permissions desired so
Dante can write to it.


-- 
  _ // 
  \X/ -- Michael Shuldman <michaels@inet.no>




Information forwarded to Adrian Bridgett <bridgett@debian.org>:
Bug#72215; Package dante-server. Full text and rfc822 format available.

Acknowledgement sent to Andreas Voegele <voegelas@users.sourceforge.net>:
Extra info received and forwarded to maintainer. Copy sent to Adrian Bridgett <bridgett@debian.org>. Full text and rfc822 format available.

Message #20 received at 72215-maintonly@bugs.debian.org (full text, mbox):

From: Andreas Voegele <voegelas@users.sourceforge.net>
To: Michael Shuldman <michaels@inet.no>
Cc: 72215-maintonly@bugs.debian.org
Subject: Re: Bug#72215: Danted does not write danted.pid since does not have permissions
Date: 12 Mar 2001 08:27:04 +0100
Michael Shuldman writes:

> Andreas Voegele wrote,
> > Simon Huggins <shuggins@axialys.net> wrote:
> > 
> > > Danted cannot write to /var/run/danted.pid and thus generates error
> > > messages to this effect.
> > 
> > If the option "user.privileged: proxy" is used the Dante server cannot
> > write to /var/run/danted.pid on Debian systems since the permissions,
> > owner and group of /var/run are:
> > 
> > drwxr-xr-x    7 root     root         1024 Mar 10 16:48 /var/run/
> > 
> > The attached patch fixes this problem.  The additional code switches
> > the uid to 0 if the pid file cannot be opened with the uid specified
> > by user.privileged: [...]
> > 
> > I don't think that the temporary switch to uid 0 is dangerous.
> 
> I think this is wrong.  Rather the user should create the pidfile
> (once, e.g. when installing Dante) with the permissions desired so
> Dante can write to it.

On Debian systems (and probably on most other systems) /var/run is
cleaned on every startup.

The _user_ shouldn't have to create /var/run/danted.pid.  That's the
task of the package.

The startup script /etc/init.d/danted could parse the Dante
configuration file and create the pid file.

For example, SED can be used to get the value of user.privileged:

sed -n -e 's/[[:space:]]*//g' -e 's/#.*//' -e '/^user\.privileged/{s/[^:]*://p;q;}' /etc/danted.conf



Information forwarded to Adrian Bridgett <bridgett@debian.org>:
Bug#72215; Package dante-server. Full text and rfc822 format available.

Acknowledgement sent to Andreas Voegele <voegelas@users.sourceforge.net>:
Extra info received and forwarded to maintainer. Copy sent to Adrian Bridgett <bridgett@debian.org>. Full text and rfc822 format available.

Message #25 received at 72215-maintonly@bugs.debian.org (full text, mbox):

From: Andreas Voegele <voegelas@users.sourceforge.net>
To: 72215-maintonly@bugs.debian.org
Cc: Michael Shuldman <michaels@inet.no>
Subject: Updated /etc/init.d/danted
Date: 12 Mar 2001 11:50:07 +0100
[Message part 1 (text/plain, inline)]
Here's an updated /etc/init.d/danted that creates the pid-file before
the Dante server is started.

Alternatively the pid-file could be created by start-stop-daemon (*) with
the options --background and --make-pidfile.  But then the code that
creates the pid-file had to be removed from sockd.c on Debian systems
in order to avoid the error message.

Maybe upstream should add an autoconf option that makes it possible to
disable the creation of the pid-file to dante.  In fact, I really like
this idea.  In my opinion it's much better if start-stop-daemon
handles the creation of /var/run/danted.pid.

-- 
(*) On Debian systems daemons are started with the program
start-stop-daemon.  start-stop-daemon can put daemons into the
background and manage pid-files.

[dante-server.init (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Adrian Bridgett <bridgett@debian.org>:
Bug#72215; Package dante-server. Full text and rfc822 format available.

Acknowledgement sent to "Guy Geens" <g.geens@pandora.be>:
Extra info received and forwarded to list. Copy sent to Adrian Bridgett <bridgett@debian.org>. Full text and rfc822 format available.

Message #30 received at 72215@bugs.debian.org (full text, mbox):

From: "Guy Geens" <g.geens@pandora.be>
To: Debian Bug Tracking System <72215@bugs.debian.org>
Subject: Still present in 1.1.10
Date: Fri, 7 Sep 2001 19:33:47 +0200
Followup-For: Bug #72215
Package: dante-server
Version: 1.1.10-1

The same (or maybe a similar) problem exists in version 1.1.10. Dante
doesn't write a .pid file, but no error is logged.

The init script /etc/init.d/danted assumes the file is there, causing
the reload and stop actions to fail silently.

-- System Information
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux shienar 2.2.19 #1 Mon Apr 16 13:42:58 CEST 2001 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages dante-server depends on:
ii  libc6                         2.2.4-1    GNU C Library: Shared libraries an
ii  libwrap0                      7.6-8.2    Wietse Venema's TCP wrappers libra



Reply sent to Adrian Bridgett <bridgett@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Simon Huggins <shuggins@axialys.net>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #35 received at 72215-close@bugs.debian.org (full text, mbox):

From: Adrian Bridgett <bridgett@debian.org>
To: 72215-close@bugs.debian.org
Subject: Bug#72215: fixed in dante 1.1.11.12p1-4
Date: Sun, 07 Apr 2002 08:02:09 -0400
We believe that the bug you reported is fixed in the latest version of
dante, which is due to be installed in the Debian FTP archive:

dante-client_1.1.11.12p1-4_i386.deb
  to pool/main/d/dante/dante-client_1.1.11.12p1-4_i386.deb
dante-server_1.1.11.12p1-4_i386.deb
  to pool/main/d/dante/dante-server_1.1.11.12p1-4_i386.deb
dante_1.1.11.12p1-4.diff.gz
  to pool/main/d/dante/dante_1.1.11.12p1-4.diff.gz
dante_1.1.11.12p1-4.dsc
  to pool/main/d/dante/dante_1.1.11.12p1-4.dsc
libsocksd-dev_1.1.11.12p1-4_i386.deb
  to pool/main/d/dante/libsocksd-dev_1.1.11.12p1-4_i386.deb
libsocksd_1.1.11.12p1-4_i386.deb
  to pool/main/d/dante/libsocksd_1.1.11.12p1-4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 72215@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bridgett <bridgett@debian.org> (supplier of updated dante package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun,  7 Apr 2002 12:45:55 +0100
Source: dante
Binary: libsocksd dante-client dante-server libsocksd-dev
Architecture: source i386
Version: 1.1.11.12p1-4
Distribution: unstable
Urgency: low
Maintainer: Adrian Bridgett <bridgett@debian.org>
Changed-By: Adrian Bridgett <bridgett@debian.org>
Description: 
 dante-client - Provides a SOCKS wrapper for users behind a firewall.
 dante-server - SOCKS server.
 libsocksd  - SOCKS library for packages built using libsocksd-dev.
 libsocksd-dev - Development files for compiling programs with SOCKS support.
Closes: 72215 121672
Changes: 
 dante (1.1.11.12p1-4) unstable; urgency=low
 .
   * use Andreas Voegele's init.d script so that dante can write its pidfile
     (closes: #72215, #121672). Thanks Andreas!
Files: 
 218b3fb5584b277f311da00594d078c5 710 net optional dante_1.1.11.12p1-4.dsc
 bba027f7c8248c06727df9d6c762256c 11316 net optional dante_1.1.11.12p1-4.diff.gz
 7a6028e182306b0fefa858160761bc17 88348 libs optional libsocksd_1.1.11.12p1-4_i386.deb
 cf1424027138f60640fac1fac0f02220 89964 devel optional libsocksd-dev_1.1.11.12p1-4_i386.deb
 ef2694ef1983fe60c768669cc41cd237 101810 net optional dante-client_1.1.11.12p1-4_i386.deb
 97645b378470aa4aecb6f6a8c16a1af5 114722 net optional dante-server_1.1.11.12p1-4_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8sDIzflgj9+6E5x0RAmyoAKCp/1IGpC6eo2gym29PojoXvup1sQCdEkcr
FdgcXjydF3b2xLdSLrpN068=
=zBXv
-----END PGP SIGNATURE-----




Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 23 21:44:44 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.