Version 1.7.5 of Mandos is released

Teddy Hogeborn teddy at recompile.se
Tue Mar 8 01:50:25 CET 2016


Version 1.7.5 of Mandos is released.  It is a minor bugfix release,
mainly meant to fix one bug in the systemd service file and work around
another bug relating to stopping the server.

Version 1.7.5 (2016-03-08)
* Server
** Fix security restrictions in systemd service file.
** Work around bug where stopping server would time out

Version 1.7.4 introduced security restrictions in the systemd service
file for the Mandos server.  Unfortunately, they were a little too
strict, making the server unable to do setgid(), leaving it running as
user and group root instead of its own private user and group "_mandos".
Running as root should not in and of itself be a problem, but it is a
loss of a security mechanism.  This release fixes this bug.

Another problem is that when the server receives a SIGTERM signal, it is
supposed to shut down.  Currently, it apparently does not detect the
signal until otherwise running, like when processing a D-Bus message.
If no checkers are run in time, and if no D-Bus messages are sent to the
server, the server will not shut down cleanly and will not save its
state.  This release adds workarounds to the init script and systemd
service file to poke the server via D-Bus after sending the termination
signal; this allows the server to shut down cleanly and promptly.  (Note:
this is only a workaround; a real bug fix would be preferred, especially
for those not using D-Bus.)

Debian package changes:

* debian/mandos.postinst (configure): If old version was 1.7.4-1 or
  1.7.4-1~bpo8+1, fix situation where clients.pickle file is owned by
  root.

(As usual, Teddy has uploaded the package directly to Debian unstable.)

/Teddy Hogeborn & Björn Påhlsson

-- 
The Mandos Project
https://www.recompile.se/mandos
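
An added example, not part of the original announcement or of Mandos itself: a check for the failure described above, where a daemon meant to drop to its own user and group is still running as root. It parses the text of Linux's /proc/<pid>/status; the function names, the sample status text and the numeric ids 120/127 are constructed for illustration.

```python
import re

# Constructed sample (not real output): a server that failed to drop root.
STUCK_AS_ROOT = "Name:\tmandos\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\nGroups:\t0\n"
# Constructed sample: 120/127 are made-up stand-ins for user/group "_mandos".
DROPPED = ("Name:\tmandos\nUid:\t120\t120\t120\t120\n"
           "Gid:\t127\t127\t127\t127\nGroups:\t127\n")
# Constructed general case: the uid changed but the gid did not.
HALF_DROPPED = ("Name:\tmandos\nUid:\t120\t120\t120\t120\n"
                "Gid:\t0\t0\t0\t0\nGroups:\t0\n")

# Column order of the Uid: and Gid: lines in /proc/<pid>/status.
KINDS = ("real", "effective", "saved", "filesystem")


def parse_ids(status_text):
    """Return the Uid, Gid and Groups lines as lists of ints, keyed by field."""
    ids = {}
    for line in status_text.splitlines():
        m = re.match(r"(Uid|Gid|Groups):\s*(.*)$", line)
        if m:
            ids[m.group(1)] = [int(x) for x in m.group(2).split()]
    return ids


def root_findings(status_text):
    """List every way the process still holds uid 0 or gid 0."""
    ids = parse_ids(status_text)
    findings = []
    for field in ("Uid", "Gid"):
        values = ids.get(field)
        if values is None or len(values) != 4:
            # Fail closed: an unreadable line is reported, not assumed safe.
            findings.append(f"{field}: line missing or malformed")
            continue
        for kind, value in zip(KINDS, values):
            if value == 0:
                findings.append(f"{field}: {kind} id is 0")
    if 0 in ids.get("Groups", []):
        findings.append("Groups: supplementary group 0 retained")
    return findings


if __name__ == "__main__":
    import sys
    # With a pid argument, audit that process; otherwise use the sample.
    text = (open(f"/proc/{sys.argv[1]}/status").read()
            if len(sys.argv) > 1 else STUCK_AS_ROOT)
    print("\n".join(root_findings(text)) or "no root ids held")
```

Checking the saved and filesystem ids as well as the real and effective ones matters because a process that keeps a saved id of 0 can switch back to root later.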