Hello! I red the debian-policy v.3.6.1.1 (testing) and found in chapter 9.3.5. the example shown not so good as it should be, so I´m so keen to propose some rules for all /etc/init.d/ scripts: + Rule1: "All scripts should (must) check for existence all ressources they will use and handle properly missing failures before calling / combining / using these ressources." E.g. the script /etc/init.d/inetd forget to check the existence (and accessibilty) of /etc/initd.conf! (Of course it should be there, but if it is not???). The script /etc/init.d/nis forgets to check for the availability of the ypserver it needs - so booting is delayed for serveal minutes as the ypbind dies for himself. The bind script states its $PIDFILE - is this an security leak while this file is deleted / rewritten with root´s rights? + Rule2: "All named ressources referenced by an script should (must) use an symbolic variable (read: environment variable) instead of hard coding the name or the location over and over again." E.g. in the mentioned script "inetd" I would take the name and location of the PID file out of the script into a variable written in /etc/defaults/initd called PIDFILE. + Rule3: "All symbolic named ressources should (must) be declared and initialized at the beginning of the script. They might be changed only via scripts out of /etc/defaults." + Rule4: "If a important ressource isn´t available to the script it exits with an errorlevel > 0 (1?)" + Rule5: "All system specific configuration files in /etc/defaults should be changeable only by root, readable by world" So in the current (testing) bind script ... - the path ist set without checking if its already perfect - the named command ist refered twice in start(), so if its place or name is to be changed all places must be corrected. :-( - suddenly the ndc command appears... I append a rcsdiff for bind. :-) You might answer the commands will check the configfiles for themselfs (and so its out of scope of the policy for initd scripts) but I see the relation between config file and its ressources is made in the init.d script... May be lintian should check all scripts going to /etc/init.d for literals? ToDo: Whats about the $OPTIONS in /etc/inetd.conf and xinetd.conf ? How can they be taken from /etc/defaults/? Tim Beil Problem Solutions An Steins Garten 11 35394 Gießen Germany Tel:0641 9433233 Tel:0175 2248307 Fax:0721 151 212874 http://www.beil-problem-solutions.de mailto:tim.beil@beil-problem-solutions.de -- First things first and first time right
Attachment:
x
Description: Binary data