Your message dated Sat, 30 Jan 2010 21:45:31 +0100
with message-id <[email protected]>
and subject line Re: Bug#531666: ferm's rc symlink behaviour is correct.
has caused the Debian Bug report #531666,
regarding ferm: postinst script creates not enough symlink to rc script
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
531666: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531666
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ferm
Version: 2.0.3-1
Severity: important
ferm.postinst of version 2.0.3-1 contains this:
# Automatically added by dh_installinit
if [ -x "/etc/init.d/ferm" ]; then
update-rc.d ferm start 41 S . start 36 0 6 . >/dev/null
Meanwhile the previous version was:
# Automatically added by dh_installinit
if [ -x "/etc/init.d/ferm" ]; then
update-rc.d ferm defaults >/dev/null
1.2.2-1 created the following symlinks after installation:
/etc# ls -l rc*.d/*ferm*
lrwxrwxrwx 1 root root 14 Apr 28 10:37 rc0.d/K20ferm -> ../init.d/ferm
lrwxrwxrwx 1 root root 14 Apr 28 10:37 rc1.d/K20ferm -> ../init.d/ferm
lrwxrwxrwx 1 root root 14 Apr 28 10:37 rc2.d/S20ferm -> ../init.d/ferm
lrwxrwxrwx 1 root root 14 Apr 28 10:37 rc3.d/S20ferm -> ../init.d/ferm
lrwxrwxrwx 1 root root 14 Apr 28 10:37 rc4.d/S20ferm -> ../init.d/ferm
lrwxrwxrwx 1 root root 14 Apr 28 10:37 rc5.d/S20ferm -> ../init.d/ferm
lrwxrwxrwx 1 root root 14 Apr 28 10:37 rc6.d/K20ferm -> ../init.d/ferm
/etc#
After a 1.2.2-1 -> 2.0.3-1 upgrade symlinks remain intact, everybody is happy.
However in new installs we got this:
/etc$ ls -l rc*.d/*ferm*
lrwxrwxrwx 1 root root 14 Mar 13 10:15 rc0.d/S36ferm -> ../init.d/ferm
lrwxrwxrwx 1 root root 14 Mar 13 10:15 rc6.d/S36ferm -> ../init.d/ferm
lrwxrwxrwx 1 root root 14 Mar 13 10:15 rcS.d/S41ferm -> ../init.d/ferm
/etc$
This may cause that after a normal boot (i.e runlevel=2) iptables are empty.
The init script probably does not run at all.
!!! Systems with newly installed ferm are vulnerable. !!!
Gabor
-- System Information:
Debian Release: 5.0.1
APT prefers proposed-updates
APT policy: (500, 'proposed-updates'), (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
--- End Message ---
--- Begin Message ---
Closing the bug on Gabors request.
Peter
--
Peter Marschall
[email protected]
--- End Message ---
