[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#591722: udev: I have to connect my internet key after boot to have it working



clone 591722 -1 -2
retitle 591722 usb-modeswitch: Broken assumptions on availability of
/usr/bin/* and /var/log at boot time
severity 519722 important
retitle -1 usb-modeswitch: Recursive greps overs udev rules slow down the
boot
severity -1 important
retitle -2 usb-modeswitch: Insecure usage of /tmp/gsmmodem_*
severity -2 grave
retitle -3 
severity -3 normal
thanks

Hi Carlo and Marco, and thanks for reporting and reassigning this bug.

I'm hereby cloning it in various parts in order to track the various
issues you reported separately.

debian-security: the -2 above might be of interest, as advised by Marco.
Josua (upstream): please comment on the various bugs separately if
possible.

On Thu, 5 Aug 2010 02:50:22 +0200, md@Linux.IT (Marco d'Itri) wrote:
> For a start, usb_modeswitch is broken because it expects /usr/bin/tclsh
> (and /usr/bin/logger, and /var/log/ and probably more) to be available
> at boot time.

That will be tracked as #591722.

> To the usb_modeswitch maintainer: please also remove from the script
> crap like the recursive greps over /etc/udev/rules.d /lib/udev/rules.d
> which make the boot unnecessarily slower. If this is needed because
> another package is buggy then have if fixed and add a conflict.

That will be tracked as #-1.

> And unless I am missing something, the usage of /tmp/gsmmodem_* is
> insecure (if confirmed, please clone the bug and contact the security
> team). And expected to *not* work at boot time. And subject to races.
> And just plain ugly. What did the author think?

This as #-2.

> Last but not least, if the program started by a RUN rule really needs to
> sleep multiple times (hint: probably not with a modern kernel) then it
> must fork and daemonize.

And this as #-3.

Thanks in advance for eventual advices, 

OdyX


Reply to: