pcp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[pcp-announce] PCP 3.6.10 released [NOTE: this release contains security

from [Nathan Scott] [Permanent Link][Original]
To: pcp-announce@xxxxxxxxxxx
Subject: [pcp-announce] PCP 3.6.10 released [NOTE: this release contains security improvements]
From: Nathan Scott <nathans@xxxxxxxxxx>
Date: Mon, 19 Nov 2012 19:46:29 -0500 (EST)
Cc: David Disseldorp <ddiss@xxxxxxx>, Thomas Biege <thomas@xxxxxxx>
In-reply-to: <2010221349.28472597.1353371155808.JavaMail.root@xxxxxxxxxx>
List-archive: <http://oss.sgi.com/pipermail/pcp-announce>
List-help: <mailto:pcp-announce-request@oss.sgi.com?subject=help>
List-id: pcp announcements <pcp-announce.oss.sgi.com>
List-post: <mailto:pcp-announce@oss.sgi.com>
List-subscribe: <http://oss.sgi.com/mailman/listinfo/pcp-announce>, <mailto:pcp-announce-request@oss.sgi.com?subject=subscribe>
List-unsubscribe: <http://oss.sgi.com/mailman/options/pcp-announce>, <mailto:pcp-announce-request@oss.sgi.com?subject=unsubscribe>
Reply-to: Nathan Scott <nathans@xxxxxxxxxx>
Sender: pcp-announce-bounces@xxxxxxxxxxx 
Hi all,

PCP 3.6.10 has now been released.  This update is the first to
include the changes that make all PCP daemons (pmcd, pmlogger,
pmie, pmproxy, and all-PMDAs-that-choose-to-opt-in) run under
an unprivileged user account, rather than as root.  The account
should be automatically created by the packaging system being
used (rpm/deb/dmg).

Additionally, it includes important changes to the way many of
the PCP shell scripts choose to name temporary files (using the
PID of the shell script).  This addresses CVE-2012-5530 which
was found and kindly reported to us by Thomas Beige and equally
kindly fixed by David Disseldorp (both from SUSE).  Thanks!

A note for PMDA authors, for agents that are not part of PCP:
in order to ensure continued function for you, by default, your
PMDA will continue to run as root (or whichever user you are
currently running as).  That is, provided it runs as a daemon
and not a DSO.  If you would like to drop privileges, please
refer to the example PMDAs included in PCP (e.g. pmdasample or
pmdasimple) - in particular, their main() routines and Install
scripts - its very straight forward to switch over.  Feel free
to seek clarification and ask questions on either the #pcp IRC
channel on freenode.net or the pcp@xxxxxxxxxxx mailing list.


pcp-3.6.10 (19 November 2012)
    - Transition daemons to run under an unprivileged account.
    - Fixes for security advisory CVE-2012-5530: tmpfile flaws.
    - Fix pcp(1) command short-form pmlogger reporting.
    - Fix pmdalogger error handling for directory files.
    - Fix pmstat handling of odd corner case in CPU metrics.
    - Correct the python ctype used for pmAtomValue 32bit ints.
    - Add missing RPM spec dependency for python-ctypes.
    - Corrections to pmdamysql metrics units.
    - Add pmdamysql slave status metrics.
    - Improve pmcollectl error messages.
    - Parameterize pmcollectl CPU counts in interrupt subsys.
    - Fix generic RPM packaging for powerpc builds.
    - Fix python API use of reentrant libpcp string routines.
    - Python code backporting for RHEL5 in qa and pmcollectl.
    - Fix edge cases in capturing interrupt error counts.


cheers.

--
Nathan

_______________________________________________
pcp-announce mailing list
pcp-announce@xxxxxxxxxxx
http://oss.sgi.com/mailman/listinfo/pcp-announce
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [pcp-announce] PCP 3.6.10 released [NOTE: this release contains security improvements], Nathan Scott <=
Previous by Date:  PCP on Solaris, Max Matveev
Next by Date:  pcp updates: secure tmpfile naming, Nathan Scott
Previous by Thread:  PCP on Solaris, Max Matveev
Next by Thread:  pcp updates: secure tmpfile naming, Nathan Scott
Indexes:  [Date] [Thread] [Top] [All Lists]