Hello. On Sat 2003-03-15 at 10:30:13 -0800, [EMAIL PROTECTED] wrote: > don't know much about shell scripting. anyone care to tell me what it is > doing? > > $ rpm -qp --scripts usermode-1.42-8.2mdk.i586.rpm > postinstall scriptlet (through /bin/sh): > if [ ! -z "$SECURE_LEVEL" ];then > if [ -x /usr/sbin/msec -a "$SECURE_LEVEL" -gt "3" ]; then /usr/sbin/msec > $SECURE_LEVEL || true ; fi > fi
If first checks whether $SECURE_LEVEL is set. If so, it looks if
/usr/sbin/msec is a executable and $SECURE_LEVEL is greater than 3. If
so, it runs /usr/sbin/msec $SECURE_LEVEL.
I think it means that if you are running at level>3, it calls msec to
ensure all rules of your security setting are up to date.
I just tested this script and for me it does what it is intended to
do, i.e. with SECURE_LEVEL=3, it does nothing; with SECURE_LEVEL=4, it
calls "/usr/sbin/msec 4".
> it kind of scared me to upgrade a package as root and then have it
> automatically launch a shell script that messed with quite a few of the
> security settings.
Except for the "messed with" part that is normal and a lot of packages
do that. Or else, you would have to update the security settings
(e.g. which files have suid) by hand whenever you install/update an
rpm.
> especially since the script seemed to change things to make them
> more insecure by default instead of shutting off services and so on
> by default.
I don't know what happened to you. What you describe sounds as if msec
has been called with the wrong level. But I don't see how that could
happen with the given script.
HTH,
Benjamin.
pgp00000.pgp
Description: PGP signature
