Bug#923478: initscripts use unsafe `: >` shell command to create files
Dmitry Bogatov
KAction at debian.org
Sun Apr 14 11:52:45 BST 2019
[2019-04-11 14:45] Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com>
>
> On Thu, 11 Apr 2019, Dmitry Bogatov wrote:
> >
> > Warning message and make do_start return 1, I guess.
>
> This is what I can come up with:
Thank you.
> + else
> + echo "Error: failed to truncate $utmp" >&2
> + exit 4
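Review bot: `exit 4` in the new else branch ends the whole script at that point, whereas the request quoted above was for do_start to return 1. If this branch sits inside do_start, `return 1` would report the failure to the caller without cutting off whatever follows the truncation. Status 4 is also the LSB init-script code for insufficient privilege, which is not what a failed truncate of $utmp necessarily means.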
4 -- "insufficient privileges". I believe it is better to return 1
("generic or unspecified error"), but see further discussion below.
Oh, and you skip the 'rm -f' statements in case of an error with /var/run/utmp.
I would be quite surprised should I get an error that root has
insufficient privileges.
I am sorry to ping-pong your patch, but I feel it is wrong to amend patches
(change code, keep attribution) of others.
> > By the way, is
> >
> > # Create /var/run/utmp so we can login
> >
> > comment still accurate? I am confident that `fgetty' does not check
> > for presence of /var/run/utmp, and at a glance, I can't find code in
> > src:util-linux that would prevent login when /var/run/utmp is
> > absent.
>
> I really can't say. I suppose it depends on which `login' is used?
Definitely. But the default one is from bin:util-linux.
I just did some testing on my virtual machine of Debian 9 (stable):
* I logged in as root on tty1, deleted /var/run/utmp and tried to log in
on tty2. I succeeded in logging in as both root and non-root.
* I commented out of bootmisc.sh all code that works with
/var/run/utmp and rebooted. There were no errors, and I logged in
just fine.
Something already created /var/run/utmp root:root, 644.
So I question how much of this code is actually necessary:
* group 'utmp' exists on a bare system, so the conditional is not needed.
* if /var/run/utmp is missing, nothing bad seems to happen, so is
this code needed at all?
Opinions?
PS. Cristian, it seems I did not do enough research prior to asking you to
make the patch and caused wasted labour. I am sorry.
--
Note, that I send and fetch email in batch, once every 24 hours.
If matter is urgent, try https://t.me/kaction
--
More information about the Debian-init-diversity
mailing list