[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SECURITY PROBLEM: autofs [all versions]



David Starner wrote:
> 
> On Tue, Jul 04, 2000 at 10:40:02AM -0400, Christopher W. Curtis wrote:
> > You're reasoning seems almost plausible, but still flawed.  Again, if
> > that is the intent, then instead of failing at all, it should print a
> > warning that says, "You have disabled foo.  If this package is upgraded,
> > it will be reenabled." because it is not an error.  It was disabled
> > intentionally and intentionally not removed so programs like tripwire
> 
> If you remove it, it will get replaced the next time you upgrade. The
> correct way to handle is to hack the init.d script not to run it. Pretty
> much any other way is wrong. And what's the difference between failing
> noisly and printing a warning if you aren't going to read the screen/
> boot-up logs anyway?

It's not wrong, it simply won't persist between package upgrades.  If
you hack the init script, the package won't upgrade smoothly.  The need
for doing this is a deficiency in the debain system configuration
process.  update-rc.d doesn't persist either, and this is the "correct"
way.

The difference between printing a warning and failing noisily, for
practical purposes, is none - maybe.  Does the failure get logged in
dmesg?  If yes, then it makes no difference, practically.  The
difference, though, is that one way (-x) the script remains in control,
the other (-f) it "crashes".  I assert that a) it should not crash and
that b) it's easy to fix, so do it.

I did not file a bug report, I did not make a big deal about it - it's a
problem that affects about 1/3 of the scripts, the others test -x.  I
suggested that they all test -x since it's "the right thing", and I got
flak, substanciated with nonsensical (imo) arguments.

Hopefully, the init scripts will all be rewritten the hpux/redhat way as
suggested in another thread and this whole subthread will be
irrelevant.  The issue itself is trivial - my 'beef' is with the people
(and attitudes) who tried to tell me that crashing is the right thing to
do.

Besides, to me, printing a warning (being notified) is more informative
than seeing an error dump and knowing what it is supposed to mean, and
its implications (that an upgrade will fix the error, but only by
reverting my change).  At least with the message, I'll know that an
upgrade will do that.

Christopher



Reply to: