https://bugzilla.novell.com/show_bug.cgi?id=714632

https://bugzilla.novell.com/show_bug.cgi?id=714632#c2

--- Comment #2 from Ludwig Nussel <lnussel@suse.com> 2011-08-30 13:44:58 CEST ---

That's not quite as intended. The script must not use /var/lock/subsys at all. The theoretical attack is that an attacker that gains access to the lock group could put arbitrary things in /var/lock, e.g. stale symlinks pointing to somewhere. Your init script would follow such a link and touch a file in an arbitrary place. E.g.

    ln -s /etc/nologin /var/lock/subsys/hpi

would result in no user being able to log in anymore if the script was run.

The likelihood and impact of such an attack is low of course, but if the script is fixed in that regard it should be fixed correctly :-)
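
The behaviour described in the comment, reproduced inside a throwaway sandbox as an added example (not code from the bug report or the init script). The names `unsafe_mark`, `safe_mark`, `demo`, `lockdir` and `victim` are hypothetical; the guard only illustrates refusing a planted link, while the remedy stated in the comment is to stop using /var/lock/subsys.

```shell
#!/bin/sh
# Constructed sandbox: "lockdir" stands in for /var/lock/subsys and
# "victim" for a file outside it. No real system path is touched.

# Pattern from the comment: touch resolves a link found in the
# directory and creates or updates whatever the link points to.
unsafe_mark() {
    touch "$1"
}

# Guarded variant (assumption of this example): refuse anything that
# already sits at the path, symlinks included, then create the file
# with noclobber so an existing regular file is never truncated.
# A check-then-create race remains in a directory others can write
# to, which is why not using that directory is the stronger fix.
safe_mark() {
    if [ -L "$1" ] || [ -e "$1" ]; then
        echo "refusing $1: path exists or is a symlink" >&2
        return 1
    fi
    ( set -C; : > "$1" ) 2>/dev/null
}

# Runs both variants against a dangling link and reports what
# happened to the link target.
demo() {
    sandbox=$(mktemp -d) || return 2
    mkdir "$sandbox/lockdir"
    # Same shape as the link in the comment, confined to the sandbox.
    ln -s "$sandbox/victim" "$sandbox/lockdir/hpi"

    if safe_mark "$sandbox/lockdir/hpi" 2>/dev/null; then
        s=created
    else
        s=refused
    fi
    if [ -e "$sandbox/victim" ]; then v1=present; else v1=absent; fi

    unsafe_mark "$sandbox/lockdir/hpi"
    if [ -e "$sandbox/victim" ]; then v2=present; else v2=absent; fi

    rm -rf "$sandbox"
    echo "safe_mark=$s victim=$v1; unsafe_mark victim=$v2"
}

demo
```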