Mailinglist Archive: opensuse-bugs (4068 mails)

< Previous Next >
[Bug 714632] ipmiutil: use of /var/lock/subsys unsupported

--- Comment #2 from Ludwig Nussel <lnussel@xxxxxxxx> 2011-08-30 13:44:58 CEST
That's not quite as intended. The script must not use /var/lock/subsys at all.
The theoretical attack is that an attacker that gains access to the lock group
could put arbitrary things in /var/lock, e.g. stale symlinks pointing to
somewhere. Your init script would follow such a link and touch a file in an
arbitrary place.
ln -s /etc/nologin /var/lock/subsys/hpi

would result in no user being able to log in anymore if the script was run.
The likelihood and impact of such an attack is low of course but if the script
is fixed in that regard it should fixed correctly :-)

Configure bugmail:
------- You are receiving this mail because: -------
You are on the CC list for the bug.

< Previous Next >