[Pkg-nagios-devel] Bug#465530: Bug#465530: nagios-plugins 1.4-6sarge1 lacks check_procs
jmm at inutil.org
Wed Feb 13 20:40:10 UTC 2008
Luk Claes wrote:
> > okay, it looks like the problem was that the person who did the security
> > upload built the package in a sarge chroot without /proc mounted (i can
> > duplicate the problem unmounting /proc in my pbuilder chroot).
> > so, my question is what are the next steps? can the security team just
> > trigger a rebuild/binNMU, or do we need another sourceful upload? if so
> > should i provide an update in debian/rules that checks for /proc to be
> > mounted just in case this happens again?
> I think I can schedule binNMUs now though the buildds have to have proc
> mounted beforehand or the one signing has to be careful enough not to
> sign if it's not yet fixed with the binNMU.
> So I guess that's up to the Security Team to decide.
I don't really remember if/why procfs wasn't mounted. I build Sarge in a
chroot and Etch on a stable-only, real system.
Unfortunately it wasn't spotted neither by myself, nor the people that
also tested the update prior to release. I'll add a note, that we
integrate the existing bin-checker into the planned security update
beta test program.
Please go ahead with a binNMU: Only the broken i386 manual build
should be affected AFAICS.
> You do check for a mounted proc in the unstable/testing/experimental
> version, right? I kind of remember seeing it as the check fails even if
> there is a proc mounted from outside the chroot...
Maybe we can talk to Lucas Nussbaum, whether he wants to run an archive
rebuild w/ and w/o procfs mounted and compare the diffs, so that we
can spot package failures like this in advance? Since a mounted procfs
is a prevailing setup many other maintainers might take it for
granted w/o checking explicitly.
More information about the Pkg-nagios-devel