Bug#923478: [Pkg-shadow-devel] Bug#923478: initscripts use unsafe `: >` shell command to create files
Serge E. Hallyn
serge at hallyn.com
Mon Apr 22 15:18:17 BST 2019
On Tue, Apr 16, 2019 at 10:44:21PM +0000, Dmitry Bogatov wrote:
>
> [2019-04-14 13:35] Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com>
> > On Sun, 14 Apr 2019, Dmitry Bogatov wrote:
> > >
> > > Definitely. But default one is from bin:util-linux.
> >
> > On my sid/unstable:
> >
> > # dpkg -S /bin/login
> > login: /bin/login
>
> You are right, it is from src:shadow.
>
> > > So I question, how much of this code is actually necessary:
> > >
> > > * group 'utmp' exists on bare system, so conditional is not needed.
> > > * if /var/run/utmp is missing, nothing bad seems to happen, so is
> > > this code needed at all?
> > >
> > > Opinions?
> >
> > IMO, less code is better. I didn't look at the source. But I can
> > see this:
> >
> > # strings /bin/login | egrep 'utmp|faillog|/'
> > /lib64/ld-linux-x86-64.so.2
> > /usr/share/locale
> > No utmp entry. You must exec "login" from the lowest level "sh"
> > [...]
>
> I took a look at source. It seems that this error may only happen if UID != 0.
> I'd better add login maintainers into thread.
>
> Dear login maintainers, currently we have the following code executed during
> boot:
>
> # Create /var/run/utmp so we can login.
> true > /var/run/utmp
> if grep -q ^utmp: /etc/group
> then
>     chmod 664 /var/run/utmp
>     chgrp utmp /var/run/utmp
> fi
>
> It seems that system boots and works just fine without it. Are there any
> subtle reasons to keep creating /var/run/utmp in initscripts?
Hi,
Is the above pseudocode? If not, where is that code precisely?
Near as I can tell, if you do not create it, it will never exist,
and pututent entries will not be saved.
> > > PS. Cristian, it seems I did not do enough research prior to asking you to
> > > make a patch and caused wasted labour. I am sorry.
> >
> > No worries. Still, I would be cautious. That redirection (with or
> > without a command prefix) is still questionable, as it _truncates_ the
> > file (as opposed to just touching it).
>
> It is under /var/run, which is tmpfs, so it is okay.
> --
> Note, that I send and fetch email in batch, once every 24 hours.
> If matter is urgent, try https://t.me/kaction
> --
>
> _______________________________________________
> Pkg-shadow-devel mailing list
> Pkg-shadow-devel at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel
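As an added example (not code from the thread, from initscripts or from src:shadow), the following shell shows the difference the thread is debating: the initscript's `true > file` truncates whatever is already there, whereas creating the file only when it is absent keeps existing records. The utmp path and group are parameters (assumed names), so it can be exercised against a scratch directory instead of /var/run.

```shell
# Create the utmp file only when it is missing, then apply the mode/group
# the quoted initscript fragment uses. Unlike a bare "true > file" this
# never clobbers an existing file.
create_utmp_file() {
    utmp="$1"          # e.g. /var/run/utmp
    grp="${2:-utmp}"   # group that should own the file (assumed "utmp")
    if [ ! -e "$utmp" ]; then
        # Absent: create it empty. Existing content is never touched.
        : > "$utmp" || return 1
    fi
    # Group-writable only when the group exists, mirroring the grep on /etc/group.
    if getent group "$grp" >/dev/null 2>&1; then
        chmod 664 "$utmp" && chgrp "$grp" "$utmp"
    else
        chmod 644 "$utmp"
    fi
}

# Show the truncation difference in a scratch directory (constructed data).
# Prints two byte counts: after "true > file", and after create_utmp_file.
demo_truncation() {
    d=$(mktemp -d) || return 1
    f="$d/utmp"
    printf 'existing-record' > "$f"      # 15 bytes of pretend utmp content
    true > "$f"                          # the initscript's form: truncates to 0
    after_redirect=$(wc -c < "$f" | tr -d ' ')
    printf 'existing-record' > "$f"
    create_utmp_file "$f" "$(id -gn)"    # preserves the 15 bytes
    after_create=$(wc -c < "$f" | tr -d ' ')
    rm -rf "$d"
    echo "$after_redirect $after_create"
}
```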