Re: Bug#179125: maintainer scripts tries to exec script in /tmp

To: Andreas Metzler <ametzler@logic.univie.ac.at>, debian-devel@lists.debian.org
Subject: Re: Bug#179125: maintainer scripts tries to exec script in /tmp
From: Russell Coker <russell@coker.com.au>
Date: Mon, 3 Feb 2003 15:01:08 +0100
Message-id: <[🔎] 200302031501.08031.russell@coker.com.au>
Reply-to: Russell Coker <russell@coker.com.au>
In-reply-to: <[🔎] 20030203134051.GB2284@balrog.logic.univie.ac.at>
References: <1043972564.3e39c1d45aa99@anchor.net.au> <[🔎] 1044278638.12639.64.camel@linda.lfix.co.uk> <[🔎] 20030203134051.GB2284@balrog.logic.univie.ac.at>

On Mon, 3 Feb 2003 14:40, Andreas Metzler wrote:
> > I'm not sure how to express the command in a form that will work if
> > $SCRIPTFILE can't be executed directly.
>
> Just guessing:
> su - postgres -c "/usr/bin/perl /tmp/config.151751"
>                   cu andreas

su should not be used in postinst scripts or daemon start scripts.  su wants 
access to /etc/shadow and needs special security configuration.

Also for general security it's best for such daemon accounts to not have valid 
shells if possible, which precludes su.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to:

References:
- Re: Bug#179125: maintainer scripts tries to exec script in /tmp
  - From: Oliver Elphick <olly@lfix.co.uk>
- Re: Bug#179125: maintainer scripts tries to exec script in /tmp
  - From: Andreas Metzler <ametzler@logic.univie.ac.at>

Prev by Date: Re: listmaster update
Next by Date: Bug#179604: ITP: gini -- A little audio and video streaming server and the tools for it. A remote controller and a feeder.
Previous by thread: Re: Bug#179125: maintainer scripts tries to exec script in /tmp
Next by thread: Re: Bug#179125: maintainer scripts tries to exec script in /tmp
Index(es):
- Date
- Thread