Re: SECURITY PROBLEM: autofs [all versions]
Christopher W. Curtis wrote:
> And the same should apply to init scripts that try to run a program
> without first checking to see if it is executable.
Um, no that is not how unix works.
Before running a program, well-written unix code does not have to check to
see if
* the program exists
* the program is executable
* all shared libraries used by the program exist and are linking
properly
* the moon is in the right phase to prevent the program from crashing
It just runs the program. If the program fails to run, it checks return
codes to determine that. This is what all debian init scripts do, via set -e.
The test -f is added for a wholly different reason. See debian policy
section 3.3.2:
These scripts should not fail obscurely when the configuration files
remain but the package has been removed, as configuration files remain
on the system after the package has been removed. Only when `dpkg' is
executed with the `--purge' option will configuration files be
removed. In particular, the init script itself is usually a
configuration file (see Section 3.3.5, `Notes'), and will remain on
the system if the package is removed but not purged. Therefore, you
should include a `test' statement at the top of the script, like this:
test -f <program-executed-later-in-script> || exit 0
But then people have told you this before, and you continue to ignore them.
As I will you, I think.
--
see shy jo
Reply to: