Package: kexec-tools
Version: 1:2.0.7-3
Severity: normal

The new coldreboot mechanism uses a flag file with a hardcoded name in
a world-writable directory, which is generally considered a bad idea.
Unprivileged users can trivially sabotage attempts to do a "warm"
kexec-reload - indeed, they can even do so *accidentally*!

All that needs to happen is that somebody notices the existence of
coldreboot and idly tries "/sbin/coldreboot --help" - which creates
the flag file before invoking "reboot --help".

Then months later when the admin needs to do a quick warm reboot into
a new kernel the machine mysteriously fails to cooperate, and the
clues to what went wrong are erased in the process.

-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (990, 'testing'), (50, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 3.17-1-686-pae (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages kexec-tools depends on:
ii debconf [debconf-2.0] 1.5.53
ii libc6 2.19-11
kexec-tools recommends no packages.
kexec-tools suggests no packages.
-- debconf information:
kexec-tools/use_grub_config: false
* kexec-tools/load_kexec: true
--
JBR with qualifications in linguistics, experience as a Debian
sysadmin, and probably no clue about this particular package
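
The flag-file problem described in the report, as an added example that is not part of the original report or of kexec-tools: shell functions contrasting an existence-only flag test with one that checks who owns the flag, plus a check that the flag's directory is writable only by its owner. The function names and the temporary demo directory are hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: flag location and all function names are hypothetical.

# Naive check: anything at the path counts, whoever created it.
flag_present_naive() {
    [ -e "$1" ]
}

# Hardened check: accept only a regular file (not a symlink) owned by the
# expected uid (0 by default).
flag_present_trusted() {
    flag=$1
    want_uid=${2:-0}
    [ -f "$flag" ] && [ ! -L "$flag" ] || return 1
    owner=$(stat -c '%u' -- "$flag") || return 1
    [ "$owner" = "$want_uid" ]
}

# Better still: keep the flag in a directory that only the expected uid can
# write to, so nobody else can create, replace or remove it.
dir_is_private() {
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
    [ "$(stat -c '%u' -- "$dir")" = "$want_uid" ] || return 1
    case $(stat -c '%a' -- "$dir") in
        *[2367]?|*[2367]) return 1 ;;   # group- or world-writable
    esac
    return 0
}

# Constructed demo: a sticky world-writable directory stands in for the
# shared location; the flag is created by whoever runs the demo.
demo() {
    d=$(mktemp -d) || return 1
    chmod 1777 "$d"
    : > "$d/flag"
    for check in flag_present_naive flag_present_trusted; do
        if "$check" "$d/flag"; then r=honoured; else r=ignored; fi
        echo "$check: flag $r"
    done
    if dir_is_private "$d"; then echo "dir: private"; else echo "dir: shared"; fi
    rm -rf "$d"
}
demo
```

Run as an unprivileged user, the naive test honours the flag while the ownership test ignores it, because the flag does not belong to uid 0.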