ports/148893: UPDATE fix security/swatch rc.d script
Michael Scheidell
scheidell at secnap.net
Sat Jul 24 12:30:06 UTC 2010
>Number: 148893
>Category: ports
>Synopsis: UPDATE fix security/swatch rc.d script
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Jul 24 12:30:05 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Michael Scheidell
>Release: 6.2 - 7.3
>Organization:
SECNAP Network Security
>Environment:
i386, sparc64 and amd64
>Description:
Many rc.d scripts that use perl may not function correctly unless procname=/usr/local/bin/perl is set.
If it can't find the pid, a restart or start will just start multiple copies of swatch. Critical maintenance functions, scripts, routines might be duplicated, causing strange problems.
An example is swatch, since at least the 6.2 days.
./rc.d/swatch(.sh) status can't find swatch, since rc.subr is trying to find a PROGRAM called swatch and can't.
Set procname, and it can find it.
/usr/local/etc/rc.d/swatch restart
swatch not running?
Starting swatch.
ionspam.spammertrap.net# ps -auxww | grep swatch
root 25957 2.5 1.4 9000 7364 ?? Ss 8:09AM 0:00.00 /usr/local/bin/perl /tmp/.swatch_script.25955
root 19676 0.0 0.4 9004 1896 ?? Is 17Jul10 0:00.60 /usr/local/bin/perl /tmp/.swatch_script.19674
root 25960 0.0 0.2 3312 948 p0 S+ 8:09AM 0:00.00 grep swatch
ionspam.spammertrap.net#
ionspam.spammertrap.net# pkill -9 -f swatch
ionspam.spammertrap.net# ps -auxww | grep swatch
root 25970 0.0 0.2 3312 960 p0 S+ 8:10AM 0:00.00 grep swatch
ionspam.spammertrap.net# /usr/local/etc/rc.d/swatch start
Starting swatch.
ionspam.spammertrap.net# /usr/local/etc/rc.d/swatch status
swatch is not running.
ionspam.spammertrap.net# ps -auxww | grep swatch
root 25980 1.4 1.4 9000 7380 ?? Ss 8:10AM 0:00.00 /usr/local/bin/perl /tmp/.swatch_script.25978
root 25995 0.0 0.2 3312 960 p0 S+ 8:10AM 0:00.00 grep swatch
ionspam.spammertrap.net# pkill -9 -f swatch
ionspam.spammertrap.net# patch swatch < patch.txt
ionspam.spammertrap.net# /usr/local/etc/rc.d/swatch start
Starting swatch.
ionspam.spammertrap.net# ps -auxww | grep swatch
root 26029 2.8 1.4 9000 7380 ?? Ss 8:11AM 0:00.00 /usr/local/bin/perl /tmp/.swatch_script.26027
root 26037 0.0 0.2 3312 960 p0 S+ 8:11AM 0:00.00 grep swatch
ionspam.spammertrap.net# /usr/local/etc/rc.d//swatch status
swatch is running as pid 26029.
>How-To-Repeat:
./rc.d/swatch start
./rc.d/swatch status
(Note: it doesn't ALWAYS miss it. I can't tell you why; some systems find it, but it will ALWAYS find it if you add procname. But I have seen this since at least 6.2 on sparc64. There might even be patches I submitted years ago, trying to fix it, but this will fix it and is upwards compatible. Tested on 6.2 through 7.3. Tested on amd64, sparc64, and i386.
Tested with perl 5.8.8 through 5.10.)
>Fix:
--- /tmp/swatch 2010-07-24 08:20:28.000000000 -0400
+++ /usr/local/etc/rc.d/swatch 2010-07-24 08:11:13.000000000 -0400
@@ -23,6 +23,7 @@
rcvar=`set_rcvar`
command=/usr/local/bin/swatch
+procname=/usr/local/bin/perl
load_rc_config ${name}
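Review bot: the added procname=/usr/local/bin/perl line makes the script match on the interpreter rather than on swatch itself, and no pidfile assignment is visible next to command= in this hunk. If the script sets none, status and stop will treat every process whose argv[0] is /usr/local/bin/perl as swatch, so an unrelated perl job could be reported as the running service or signalled on stop. Suggest pairing procname with a pidfile so the check is narrowed to one pid, and avoiding the hard-coded /usr/local/bin path for perl. The file headers also show the diff was taken against the installed /usr/local/etc/rc.d/swatch; it should be regenerated against the port's own copy of the script so it can be applied to the port.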
>Release-Note:
>Audit-Trail:
>Unformatted:
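Added example, not part of the original report and not code from rc.subr: a simplified shell model of the argv[0] comparison the report describes, run over constructed process lines modelled on the ps output above. The function names and the second perl process (pid 31000) are hypothetical, and the model assumes the match is done by process name alone, with no pidfile.

```shell
#!/bin/sh
# Simplified model of the check behind "rc.d/swatch status": the first word of
# each process's command line (argv[0]) is compared with $procname, which
# defaults to $command. Illustration only, not the code in /etc/rc.subr.

# Constructed sample in "pid command" form, modelled on the ps output in the
# report, plus one unrelated perl job (hypothetical) to show the side effect.
sample_ps() {
    cat <<'EOF'
25980 /usr/local/bin/perl /tmp/.swatch_script.25978
31000 /usr/local/bin/perl /usr/local/sbin/other-job.pl
25995 grep swatch
EOF
}

# find_pids PROCNAME: read "pid command" lines on stdin and print the pids
# whose argv[0] equals PROCNAME or its basename.
find_pids() {
    _procname=$1
    _base=${_procname##*/}
    _pids=
    while read -r _pid _arg0 _rest; do
        case "$_arg0" in
        "$_procname"|"$_base") _pids="${_pids:+$_pids }$_pid" ;;
        esac
    done
    echo "$_pids"
}

# status_for PROCNAME: report in the wording of the status output shown above.
status_for() {
    _found=$(sample_ps | find_pids "$1")
    if [ -n "$_found" ]; then
        echo "swatch is running as pid $_found."
    else
        echo "swatch is not running."
    fi
}

status_for /usr/local/bin/swatch   # default: procname is taken from command
status_for /usr/local/bin/perl     # with the procname line from the patch
```

The second call finds the swatch process, and also the unrelated perl job, which is why a name-only match on an interpreter is usually combined with a pidfile.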