memcached.service is less secure by default
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Memcached Mirror | New | Unknown | | |
memcached (Debian) | Fix Released | Unknown | | |
memcached (Ubuntu) | Fix Released | Medium | Unassigned | |
Bug Description
Upstream regressed systemd sandboxing in memcached 1.5.6 by commenting out '##safer#
I have reported this upstream in https:/
In the meantime, we need to patch these comments back out (re-enabling the lines). Christian Ehrhardt also suggested to me that it would be a good idea to make sure that no '##safer##' get through in case upstream add any more through a check in debian/rules.
I'm creating this bug to document what's going on so that I can link to this from this workaround in the packaging. We should be able to drop this workaround as soon as this is resolved upstream.
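The debian/rules check suggested in the description could look like the following sketch. It is an added example, not the packaging's actual rule or patch; the function names and the sample unit contents are constructed for illustration, and only the '##safer##' marker comes from the report.

```shell
#!/bin/sh
# Added example: build-time guard against sandboxing directives that were
# disabled with the '##safer##' prefix named in the bug report.
MARKER='##safer##'

# Return 0 if the unit file has no marker-prefixed lines, 1 otherwise.
# Offending lines are printed with their line numbers on stderr.
check_no_safer_markers() {
    unit=$1
    if grep -n -F -- "$MARKER" "$unit" >&2; then
        echo "error: $unit still contains $MARKER lines" >&2
        return 1
    fi
    return 0
}

# Print the unit with the marker prefix stripped, which re-enables the
# directives (the effect the workaround patch is meant to have).
restore_sandboxing() {
    sed "s/^[[:space:]]*${MARKER}//" "$1"
}

# Constructed sample unit; NOT upstream's actual memcached.service.
write_sample_unit() {
    cat > "$1" <<'EOF'
[Service]
ExecStart=/usr/bin/memcached
PrivateTmp=true
##safer##ProtectSystem=full
##safer##NoNewPrivileges=true
EOF
}

# Demo: the guard trips on the sample and passes once the prefix is stripped.
demo=$(mktemp)
write_sample_unit "$demo"
check_no_safer_markers "$demo" || echo "guard tripped on sample unit"
restore_sandboxing "$demo" > "$demo.fixed"
check_no_safer_markers "$demo.fixed" && echo "restored unit passes"
rm -f "$demo" "$demo.fixed"
```

Called from a build step, a non-zero return from `check_no_safer_markers` fails the build if a new upstream release adds further '##safer##' lines that the patch does not cover.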
Related branches
- Christian Ehrhardt (community): Approve
- Canonical Server: Pending requested
- Diff: 1554 lines (+515/-267), 28 files modified
assoc.c (+8/-20)
assoc.h (+1/-0)
configure (+10/-10)
crawler.c (+7/-5)
crawler.h (+4/-1)
debian/changelog (+10/-0)
debian/patches/02_service_wrapper.patch (+6/-8)
debian/patches/restore-systemd-sandboxing (+61/-0)
debian/patches/series (+1/-1)
debian/rules (+2/-0)
dev/null (+0/-64)
doc/Makefile (+3/-3)
items.c (+6/-1)
items.h (+1/-0)
memcached.c (+28/-9)
memcached.spec (+101/-27)
memcached_dtrace.d (+2/-6)
scripts/memcached-automove-extstore (+25/-30)
scripts/memcached.service (+46/-34)
scripts/memcached.sysconfig (+10/-0)
scripts/memcached@.service (+89/-0)
slab_automove_extstore.c (+65/-35)
slabs.c (+8/-3)
t/issue_67.t (+2/-2)
thread.c (+11/-0)
timedrun.c (+5/-5)
trace.h (+2/-2)
version.m4 (+1/-1)
Changed in memcached:
status: Unknown → New
Changed in memcached (Ubuntu):
status: Triaged → Fix Committed
Changed in memcached (Debian):
status: Unknown → Confirmed
Changed in memcached (Debian):
status: Confirmed → Fix Released
This bug was fixed in the package memcached - 1.5.6-0ubuntu1
---------------
memcached (1.5.6-0ubuntu1) bionic; urgency=medium
* New upstream bugfix release (LP: #1753839).
* d/p/disable-udp-by-default.patch: drop (now upstream).
* d/p/02_service_wrapper.patch: refresh to remove fuzz.
* d/p/restore-systemd-sandboxing: restore sandboxing in memcached.service
  removed by upstream in 1.5.6 to avoid feature regression (LP: #1755460).
-- Robie Basak <email address hidden> Tue, 13 Mar 2018 09:59:06 +0000