Re: SECURITY PROBLEM: autofs [all versions]
Joey Hess wrote:
>
> Christopher W. Curtis wrote:
> > And the same should apply to init scripts that try to run a program
> > without first checking to see if it is executable.
>
> Um, no that is not how unix works.
>
> Before running a program, well-written unix code does not have to check to
> see if
>
> * the program exists
then why do the scripts check '-f' ?
[...]
> It just runs the program. If the program fails to run, it checks return
> codes to determine that. This is what all debian init scripts do, via set -e.
~# grep set /etc/init.d/portmap
sleep 1 # needs a short pause or pmap_set won't work. :(
pmap_set </var/run/portmap.upgrade-state
pmap_set </var/run/portmap.state
> The test -f is added for a wholly different reason. See debian policy
> section 3.3.2:
>
> These scripts should not fail obscurely when the configuration files
> remain but the package has been removed, as configuration files remain
> on the system after the package has been removed. Only when `dpkg' is
> executed with the `--purge' option will configuration files be
> removed. In particular, the init script itself is usually a
> configuration file (see Section 3.3.5, `Notes'), and will remain on
> the system if the package is removed but not purged. Therefore, you
> should include a `test' statement at the top of the script, like this:
>
> test -f <program-executed-later-in-script> || exit 0
Perhaps policy should change then, since people aren't inclined to
believe that '-x' is "like" '-f', but fails under fewer circumstances?
> But then people have told you this before, and you continue to ignore them.
> As I will you, I think.
No, everyone else has been trying to tell me that
~# chmod -x /sbin/portmap
~# /etc/init.d/portmap restart
Stopping portmap daemon: portmap.
Starting portmap daemon: portmapstart-stop-daemon: Unable to start
/sbin/portmap: Permission denied
.
is either "right" or that a test -x is not 'better'.
Christopher
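
The behaviour argued over in this message, as an added example that is not part of the original post: it compares the policy guard `test -f` with `test -x` for a removed, a non-executable and a normal daemon, and records the exit status of an unguarded start. The temporary `fake-daemon` file and the function names `guard_result`, `start_result` and `scenario` are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. Constructed files in a temporary directory stand in for
# /sbin/portmap; guard_result, start_result and scenario are hypothetical names.

# guard_result FLAG PATH: "run" if `test FLAG PATH` lets the init script
# continue, "skip" if the script would hit `|| exit 0` and stop quietly.
guard_result() {
    if test "$1" "$2"; then echo run; else echo skip; fi
}

# start_result PATH: exit status of simply running the program, which is
# what the script sees when nothing stops it first (safe under set -e).
start_result() {
    status=0
    ( "$1" ) >/dev/null 2>&1 || status=$?
    echo "$status"
}

# scenario STATE: builds one daemon state and reports both guards plus the
# status of an unguarded start.
scenario() {
    dir=$(mktemp -d) || return 1
    daemon="$dir/fake-daemon"
    case "$1" in
        removed) ;;  # package removed, init script left behind as a conffile
        noexec)  printf '#!/bin/sh\nexit 0\n' >"$daemon"; chmod 644 "$daemon" ;;
        ok)      printf '#!/bin/sh\nexit 0\n' >"$daemon"; chmod 755 "$daemon" ;;
        *)       rm -rf "$dir"; return 2 ;;
    esac
    out="f=$(guard_result -f "$daemon") x=$(guard_result -x "$daemon")"
    out="$out start=$(start_result "$daemon")"
    rm -rf "$dir"
    echo "$out"
}

for state in removed noexec ok; do
    printf '%-8s %s\n' "$state" "$(scenario "$state")"
done
```

In the `noexec` row, `test -f` lets the script continue into the "Permission denied" start shown in the message (shell status 126), while `test -x` stops it quietly, the same way both guards do for a removed package.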