[Bug 714632] New: ipmiutil: use of /var/lock/subsys unsupported
https://bugzilla.novell.com/show_bug.cgi?id=714632 https://bugzilla.novell.com/show_bug.cgi?id=714632#c0 Summary: ipmiutil: use of /var/lock/subsys unsupported Classification: openSUSE Product: openSUSE 12.1 Version: Factory Platform: All OS/Version: Linux Status: NEW Severity: Normal Priority: P5 - None Component: Other AssignedTo: kkaempf@suse.com ReportedBy: lnussel@suse.com QAContact: qa@suse.de Found By: --- Blocker: --- ipmiutil uses /var/lock/subsys which is unsupported on openSUSE. On openSUSE /var/lock is reserved for device lock files and must not be used for other purposes. Due to the use of tmpfs on /var/lock the subsys directory does not exist anymore either so if your package used /var/lock/subsys for any real purpose it might be silently broken already. Please fix your packge to not use /var/lock/subsys. http://en.opensuse.org/openSUSE:Packaging_checks#subsys-unsupported -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=714632
https://bugzilla.novell.com/show_bug.cgi?id=714632#c1
Klaus Kämpf
https://bugzilla.novell.com/show_bug.cgi?id=714632
https://bugzilla.novell.com/show_bug.cgi?id=714632#c2
--- Comment #2 from Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=714632
https://bugzilla.novell.com/show_bug.cgi?id=714632#c3
--- Comment #3 from Klaus Kämpf
That's not quite as intended. The script must not use /var/lock/subsys at all. The theoretical attack is that an attacker that gains access to the lock group could put arbitrary things in /var/lock, e.g. stale symlinks pointing to somewhere. Your init script would follow such a link and touch a file in an arbitrary place. E.g. ln -s /etc/nologin /var/lock/subsys/hpi
Hmm, how's that different from tampering /var/run or any other dir/file used by the ipmiutil package ? I guess protecting the system from unauthorized access (i.e. to the lock group) is outside of ipmiutil. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=714632
https://bugzilla.novell.com/show_bug.cgi?id=714632#c4
--- Comment #4 from Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=714632
https://bugzilla.novell.com/show_bug.cgi?id=714632#c5
--- Comment #5 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=714632
https://bugzilla.novell.com/show_bug.cgi?id=714632#c6
--- Comment #6 from Bernhard Wiedemann
participants (1)
-
bugzilla_noreply@novell.com