Re: SECURITY PROBLEM: autofs [all versions]
"Christopher W. Curtis" <ccurtis@aet-usa.com> writes:
[chmod -x /sbin/portmap]
> It's not wrong, it simply won't persist between package upgrades. If
> you hack the init script, the package won't upgrade smoothly.
Please prove your claim that removing the x bit is more correct than
putting "exit 0" in front of the init script. The former needs a
manual intervention at every upgrade, while the latter needs manual
intervention only when the init script changed.
> The need for doing this is a deficiency in the debain system
> configuration process. update-rc.d doesn't persist either, and this
> is the "correct" way.
If the following piece from update-rc.d(8) is not correct, please file
a bug:
If any files /etc/rcrunlevel.d/[SK]??name already exist
then update-rc.d does nothing. This is so that the system
administrator can rearrange the links, provided that they
leave at least one link remaining, without having their
configuration overwritten.
> The issue itself is trivial - my 'beef' is with the people
> (and attitudes) who tried to tell me that crashing is the right thing to
> do.
What did crash? The shell? A script being aborted with "/sbin/portmap:
Permission denied" is a crash in your eyes.
> Besides, to me, printing a warning (being notified) is more informative
> than seeing an error dump and knowing what it is supposed to mean,
> [...]
I don't see how you can get much more descriptive than the Permission
denied message.
--
Robbe
Reply to: