Bug#923478: initscripts use unsafe `: >` shell command to create files
Dmitry Bogatov
KAction at debian.org
Thu Apr 11 11:43:02 BST 2019
[2019-04-08 20:20] Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com>
> On Mon, 8 Apr 2019, Dmitry Bogatov wrote:
> > [2019-04-07 10:52] Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com>
> > > On Sat, 6 Apr 2019, Dmitry Bogatov wrote:
> > >
> > > The redirection in /etc/init.d/bootmisc.sh on line 29 is _not_ error
> > > handled. Writing to a file can fail (for various reasons).
> > >
> > > OTOH, the redirection in /lib/init/bootclean.sh on line 22 _is_ error
> > > handled.
> >
> > Good catch. Mind to send a patch into a separate bug?
>
> Sure. So, what do you want it to do when truncating /var/run/utmp
> fails?
>
> 29 : > /var/run/utmp
> 30 if grep -q ^utmp: /etc/group
> 31 then
> 32 chmod 664 /var/run/utmp
> 33 chgrp utmp /var/run/utmp
> 34 fi
Warning message and make do_start return 1, I guess.
By the way, is
# Create /var/run/utmp so we can login
comment still accurate? I am confident, that `fgetty' does not check for
presence of /var/run/utmp, and at glance, I can't find code in
src:util-linux, that would prevent login when /var/run/utmp is absent.
--
Note, that I send and fetch email in batch, once every 24 hours.
If matter is urgent, try https://t.me/kaction
--
More information about the Debian-init-diversity
mailing list