[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SECURITY PROBLEM: autofs [all versions]



Christopher W. Curtis wrote:
> And the same should apply to init scripts that try to run a program
> without first checking to see if it is executable.

Um, no that is not how unix works.

Before running a program, well-written unix code does not have to check to
see if

* the program exists
* the program is executable
* all shared libraries used by the program exist and are linking
  properly
* the moon is in the right phase to prevent the program from crashing

It just runs the program. If the program fails to run, it checks return
codes to determine that. This is what all debian init scripts do, via set -e.
The test -f is added for a wholly different reason. See debian policy
section 3.3.2:

     These scripts should not fail obscurely when the configuration files
     remain but the package has been removed, as configuration files remain
     on the system after the package has been removed.  Only when `dpkg' is
     executed with the `--purge' option will configuration files be
     removed.  In particular, the init script itself is usually a
     configuration file (see Section 3.3.5, `Notes'), and will remain on
     the system if the package is removed but not purged.  Therefore, you
     should include a `test' statement at the top of the script, like this:

            test -f <program-executed-later-in-script> || exit 0

But then people have told you this before, and you continue to ignore them.
As I will you, I think.

-- 
see shy jo



Reply to: