@decathorpe
The daemonize crate was marked as unmaintained. It also has a UB issue, and zellij-client uses the affected API (Daemonize::privileged_action - see knsd/daemonize#57 for the original PR / report against daemonize).

This PR switches the dependency to a maintained fork (maintained by me) where that UB issue was resolved in a published version. daemonix v0.1 is guaranteed to be a drop-in replacement for daemonize v0.5.0, except that it doesn't have the aforementioned UB issue in Daemonize::privileged_action.

In the spirit of making this soundness fix as trivial a change and as easy to review as possible (yes, I have read the contribution guidelines), I have simply switched the crate dependency but kept the imported name the same - this way, the changes are limited to a one-line change in Cargo.toml and the corresponding changes in Cargo.lock.

cf. https://rustsec.org/advisories/RUSTSEC-2025-0069.html
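
The dependency rename described in the PR, as an added illustration that is not taken from the PR's diff: Cargo's `package` key lets the manifest keep the dependency name `daemonize` while resolving the `daemonix` crate. The manifest layout shown is an assumption; the crate names and versions are the ones stated above.

```toml
# Before: the unmaintained crate flagged by RUSTSEC-2025-0069.
# [dependencies]
# daemonize = "0.5.0"

# After: same dependency key, different package behind it.
[dependencies]
daemonize = { package = "daemonix", version = "0.1" }

# Source files stay untouched: `use daemonize::Daemonize;` still compiles,
# because the key on the left is the name the crate is imported under.
```

Cargo.lock records packages under their real names, so after the switch it should contain a `daemonix` entry and no `daemonize` entry.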
