[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SECURITY PROBLEM: autofs [all versions]



"Christopher W. Curtis" <ccurtis@aet-usa.com> writes:

[chmod -x /sbin/portmap]

> It's not wrong, it simply won't persist between package upgrades.  If
> you hack the init script, the package won't upgrade smoothly.

Please prove your claim that removing the x bit is more correct than
putting "exit 0" in front of the init script. The former needs a
manual intervention at every upgrade, while the latter needs manual
intervention only when the init script changed.

> The need for doing this is a deficiency in the debain system
> configuration process. update-rc.d doesn't persist either, and this
> is the "correct" way.

If the following piece from update-rc.d(8) is not correct, please file
a bug:

       If  any  files  /etc/rcrunlevel.d/[SK]??name already exist
       then update-rc.d does nothing.  This is so that the system
       administrator  can rearrange the links, provided that they
       leave at least one link remaining,  without  having  their
       configuration overwritten.

> The issue itself is trivial - my 'beef' is with the people
> (and attitudes) who tried to tell me that crashing is the right thing to
> do.

What did crash? The shell? A script being aborted with "/sbin/portmap:
Permission denied" is a crash in your eyes.

> Besides, to me, printing a warning (being notified) is more informative
> than seeing an error dump and knowing what it is supposed to mean,
> [...]

I don't see how you can get much more descriptive than the Permission
denied message.

-- 
Robbe



Reply to: