Your message dated Sat, 21 Apr 2012 00:52:18 +0100
with message-id <[email protected]>
and subject line Close old and unfixable sysvinit bugs
has caused the Debian Bug report #55361,
regarding Should init call initgroups()?
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
55361: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=55361
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: sysvinit
Version: 2.78-1
Severity: wishlist

The kernel doesn't initialize the first process's (init) group access list, as that
information is contained in /etc/group. Normally this isn't any problem,
because root processes can override any file system permissions. However, this
overriding capability (kernel terms: cap_dac_override and cap_dac_read_search)
can be disabled by tweaking Linux kernel default values for initial
capabilities. In that case, it would help in designing group access modes for a more
secure system, if the initial process's group access list were initialized.

This patch adds an initgroups() call for this purpose. It works fine on my system,
but I can imagine there could be some systems with NIS/LDAP only where this
might cause problems. Symptoms could include delays or even a total hang when the
NSS (name service switch) tries to access the network before that is configured.
I'm not familiar with NSS, so I'd like to hear more comments.

-Topi

diff -ru src/init.c.orig src/init.c
--- src/init.c.orig     Sat Nov 13 19:32:27 1999
+++ src/init.c  Sun Jan 16 18:17:35 2000
@@ -45,6 +45,7 @@
 #include <stdarg.h>
 #include <sys/syslog.h>
 #include <sys/time.h>
+#include <grp.h>
 
 #ifdef __i386__
 #  if (__GLIBC__ >= 2)
@@ -2283,6 +2284,11 @@
   CHILD *ch;
   sigset_t sgt;
   struct sigaction sa;
+
+  /*
+   * Initialize group access list, the kernel just zeroes it.
+   */
+  initgroups("root", 0);
 
   if (!reload) {
   
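
Review bot: the return value of `initgroups("root", 0);` is discarded, so if the group lookup fails init carries on with the empty list and nothing is logged; check for -1 and log the error. The call is also placed ahead of `if (!reload) {`, so it runs on a re-exec as well as at first boot, and it resolves the hard-coded name "root" through the group database, which is where the NSS delay mentioned in the report would occur. Consider limiting it to the initial boot path, or add a comment saying why both paths need it.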





--- End Message ---
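
The condition described in the report above, as an added example that is not part of the original message or of sysvinit: a C check over text in the /proc/<pid>/status layout that flags a process whose DAC-bypass capabilities are dropped while its group access list is empty. The sample status texts and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

/* CAP_DAC_OVERRIDE is bit 1 and CAP_DAC_READ_SEARCH is bit 2 in <linux/capability.h>. */
#define DAC_BYPASS_MASK ((1ULL << 1) | (1ULL << 2))
struct proc_creds { unsigned long long cap_eff; int ngroups; };

/* Constructed samples in /proc/<pid>/status layout (not captured from a real host). */
static const char SAMPLE_DEFAULT[] = "Name:\tinit\nGroups:\t\nCapEff:\t0000003fffffffff\n";
static const char SAMPLE_NO_DAC[] = "Name:\tinit\nGroups:\t\nCapEff:\t0000003ffffffff9\n";
static const char SAMPLE_NO_DAC_GROUPS[] = "Name:\tinit\nGroups:\t0 4 \nCapEff:\t0000003ffffffff9\n";

/* Extract the supplementary group count and effective capability mask; -1 if a field is missing. */
int parse_status(const char *text, struct proc_creds *out)
{
    const char *g = strstr(text, "\nGroups:");
    const char *c = strstr(text, "\nCapEff:");
    if (!g || !c) return -1;
    out->cap_eff = strtoull(c + 8, NULL, 16);
    out->ngroups = 0;
    for (g += 8; ; ) {
        while (*g == ' ' || *g == '\t') g++;
        if (*g < '0' || *g > '9') break;     /* end of the Groups line */
        while (*g >= '0' && *g <= '9') g++;  /* step over one gid */
        out->ngroups++;
    }
    return 0;
}

/* 1 when neither DAC-bypass capability is effective, so file access depends on uid, gid and groups. */
int dac_enforced(const struct proc_creds *p) { return !(p->cap_eff & DAC_BYPASS_MASK); }

/* The situation in the report: DAC checks apply but the group access list is empty. */
int lacks_group_list(const struct proc_creds *p) { return dac_enforced(p) && p->ngroups == 0; }

int main(void)
{
    const char *samples[] = { SAMPLE_DEFAULT, SAMPLE_NO_DAC, SAMPLE_NO_DAC_GROUPS };
    for (int i = 0; i < 3; i++) {
        struct proc_creds pc;
        if (parse_status(samples[i], &pc) == 0)
            printf("groups=%d dac_enforced=%d lacks_group_list=%d\n",
                   pc.ngroups, dac_enforced(&pc), lacks_group_list(&pc));
    }
    return 0;
}
```
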
--- Begin Message ---
This bug is being closed as part of a cleanup of the old bug
reports in the sysvinit package, in an attempt to make it easier
to address the bug reports which actually are fixable.  Some
reasons:

- Not a bug and/or it's a patch which will not be applied
- It will not be fixed, ever, for various reasons
- Problem is not fixable in sysvinit or not our responsibility
- A better solution has become available in the interim
- No activity or submitter response in over a decade or more


Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.


--- End Message ---