
Re: portmap (was Re: SECURITY PROBLEM: autofs [all versions])



Anthony Towns wrote:
> More problematic though, is that netbase and friends not only rerun
> update-rc.d on upgrades, but they also restart the service (or run
> /etc/init.d/* restart or something similar anyway). So even replacing
> all the S* symlinks with K* symlinks, you can still end up with portmap
> (or whatever) running when you don't want it. The only correct way to
> handle this at the moment is by adding an exit 0 somewhere in your init.d
> script. It's ugly, but it works.
> 
> A much better solution is possible, but it requires some scripts to be
> distributed with dpkg/sysvinit and filerc, and it requires maintainers
> to change their calls to /etc/init.d/* restart (or whatever), and some
> policy updates to document the new requirements. People seem quite happy
> to keep complaining about this, but that's been done already, if you
> want to do something useful, get the stuff organised, make the policy
> proposal and generally get a better, working system ready and deployed.

How about something like Irix's chkconfig?  Make the init.d scripts
source /etc/config.d/whatever, and then exit 0 if some environment
variable (RUN for example) isn't set to 1.

This could be combined with the idea from another thread to have an
/etc/config.d directory that would let users set various environment
variables without messing with the actual init.d scripts.
-- 
Joe Block <jpb@creol.ucf.edu>
CREOL System Administrator

Social graces are the packet headers of everyday life.
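
The guard proposed in the message above, as an added shell example that is not part of the original post or of any Debian package. The names `CONFIG_DIR`, `service_enabled` and `guard_action` are hypothetical, and treating a missing file as disabled and always permitting `stop` are assumptions of this example.

```shell
#!/bin/sh
# Added example: chkconfig-style guard for an init.d script.
# CONFIG_DIR, service_enabled and guard_action are hypothetical names.
CONFIG_DIR="${CONFIG_DIR:-/etc/config.d}"

# Return 0 only if $CONFIG_DIR/<name> is readable and sets RUN=1.
# The file is sourced in a subshell so it cannot change the caller's
# environment; a missing, unreadable or broken file counts as disabled.
# The file is executed as shell code, so it must be writable by root only.
service_enabled() {
    conf="$CONFIG_DIR/$1"
    [ -r "$conf" ] || return 1
    (
        RUN=0
        . "$conf" >/dev/null 2>&1
        [ "$RUN" = "1" ]
    )
}

# Decide what an init script should do for <name> <action>.
# Prints "run" or "skip".
# Any action other than stop is skipped for a disabled service, so a
# package upgrade that calls "restart" cannot bring the daemon back up.
# stop is always allowed, so a service disabled while it is running
# can still be shut down.
guard_action() {
    case "$2" in
        stop)
            echo run
            ;;
        *)
            if service_enabled "$1"; then
                echo run
            else
                echo skip
            fi
            ;;
    esac
}

# Usage near the top of an init script such as /etc/init.d/portmap:
#   [ "$(guard_action portmap "$1")" = run ] || exit 0
```
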


