oss-sec mailing list archives
Re: Bug#738855: initscripts: Skip killing root-owned process starting with @
From: Solar Designer <solar () openwall com>
Date: Sun, 16 Feb 2014 00:10:43 +0400
Hi, I am a moderator for oss-security, and I am unsure whether we want to accept or reject postings made to the Debian bug and merely CC'ed to oss-security by people who haven't participated in the discussion thread on oss-security (and most likely have not even looked at it), and where such postings are not security focused. I feel that they'd be partially out-of-context, and I feel that the discussion on the Debian bug might go for a long while (this is fine on its own, but not for having it all CC'ed to oss-security). I reluctantly approved Petter's posting, although it was unclear if it was CC'ed to oss-security on purpose or accidentally. FYI, the thread on oss-security started here: http://www.openwall.com/lists/oss-security/2014/02/14/4 and you may see follow-ups (which were _not_ CC'ed to the Debian bug) via the "thread-next" link. Dimitri, since you were the one to add the CC:, what would you like us to do? So far, Petter's is the only such comment CC'ed to oss-security after yours, but I suspect that many more comments will be posted to the Debian bug later (since there's no consensus), and many may/would be CC'ed to oss-security without specific reason (OK, maybe my bringing the question up will affect this and it won't be happening). I think it may be appropriate to discuss non-security/development aspects of this issue on the Debian bug and maybe on the Distributions list: http://lists.freedesktop.org/archives/distributions/ and security aspects on oss-security. Or is this separation not justified? Maybe I am imagining the threat of this turning into a lengthy thread that is only tangential for oss-security? I don't intend to spam the Debian bug by CC'ing it on many more messages like this, yet I felt I should keep it in the loop this time. Thanks, Alexander P.S. This is a rare occasion where I think top-posting works best, so here's the quoted message: On Sat, Feb 15, 2014 at 08:20:12PM +0100, Petter Reinholdtsen wrote:
I am not convinced this is something we should implement in init.d/sendsigs. If we are going to implement this systemd compatibility, it might be better to implement it as a option for killall5, instead of faking omitpid values. Anyone willing to write such implementation? killall5 already know about all processes and their names, and asking it to ignore processes matching some regular expression should not be very hard. -- Happy hacking Petter Reinholdtsen
Current thread:
- Re: Bug#738855: initscripts: Skip killing root-owned process starting with @ Helmut Grohne (Feb 14)
- Re: Bug#738855: initscripts: Skip killing root-owned process starting with @ cve-assign (Feb 14)
- Re: Re: Bug#738855: initscripts: Skip killing root-owned process starting with @ Helmut Grohne (Feb 14)
- Re: Re: Bug#738855: initscripts: Skip killing root-owned process starting with @ Florian Weimer (Feb 15)
- Re: Re: Bug#738855: initscripts: Skip killing root-owned process starting with @ Helmut Grohne (Feb 16)
- Re: Bug#738855: initscripts: Skip killing root-owned process starting with @ Petter Reinholdtsen (Feb 15)
- Re: Bug#738855: initscripts: Skip killing root-owned process starting with @ Solar Designer (Feb 15)
- Re: Re: Bug#738855: initscripts: Skip killing root-owned process starting with @ Helmut Grohne (Feb 16)
- Re: Bug#738855: initscripts: Skip killing root-owned process starting with @ Solar Designer (Feb 15)
- Re: Bug#738855: initscripts: Skip killing root-owned process starting with @ cve-assign (Feb 14)