Bug#923478: initscripts use unsafe `: >` shell command to create files
Cristian Ionescu-Idbohrn
cristian.ionescu-idbohrn at axis.com
Thu Apr 11 13:45:19 BST 2019
On Thu, 11 Apr 2019, Dmitry Bogatov wrote:
>
> Warning message and make do_start return 1, I guess.
This is what I can come up with:
From 1ae8cb1cb6a306281ccddfa7aa67c13f6cb23ab5 Mon Sep 17 00:00:00 2001
From: Cristian Ionescu-Idbohrn <cii at axis.com>
Date: Thu, 11 Apr 2019 14:36:47 +0200
Subject: [PATCH] Error handle redirection used to truncate /var/run/wtmp
Signed-off-by: Cristian Ionescu-Idbohrn <cii at axis.com>
---
bootmisc.sh | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/bootmisc.sh b/bootmisc.sh
index ad60f2a..e01a218 100755
--- a/bootmisc.sh
+++ b/bootmisc.sh
@@ -26,11 +26,18 @@ do_start () {
esac
# Create /var/run/utmp so we can login.
- : > /var/run/utmp
- if grep -q ^utmp: /etc/group
- then
- chmod 664 /var/run/utmp
- chgrp utmp /var/run/utmp
+ utmp=/var/run/utmp
+ if >$utmp; then
+ if grep -q ^utmp: /etc/group
+ then
+ chmod 664 $utmp ||
+ echo "Warning: failed to chmod $utmp" >&2
+ chgrp utmp $utmp ||
+ echo "Warning: failed to chgrp $utmp" >&2
+ fi
+ else
+ echo "Error: failed to truncate $utmp" >&2
+ exit 4
fi
# Remove bootclean's flag files.
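Review bot: In the new else branch, `exit 4` ends the whole script from inside `do_start`, while the request quoted above was for a warning message and `do_start` returning 1; `return 1` after the error message would leave the exit status to the caller. The `$utmp` expansions in `>$utmp`, `chmod 664 $utmp` and `chgrp utmp $utmp` are unquoted; writing them as "$utmp" is the safer habit even with a fixed path. The chmod and chgrp failures only print a warning and execution continues with the file at its default mode and group, which is worth stating in the commit message if it is intended. The Subject line names /var/run/wtmp, but the hunk handles /var/run/utmp.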
--
2.20.1
> By the way, is
>
> # Create /var/run/utmp so we can login
>
> comment still accurate? I am confident that `fgetty' does not check
> for presence of /var/run/utmp, and at a glance, I can't find code in
> src:util-linux that would prevent login when /var/run/utmp is
> absent.
I really can't say. I suppose it depends on which `login' is used?
Cheers,
--
Cristian