[Pkg-shadow-devel] Bug#923478: initscripts use unsafe `: >` shell command to create files

Chris Hofstaedtler zeha at debian.org
Fri Apr 26 12:17:29 BST 2019


* Dmitry Bogatov <KAction at debian.org> [190425 16:13]:
> [2019-04-22 09:18] "Serge E. Hallyn" <serge at hallyn.com>
> > > [ Dmitry Bogatov ]
> > > Dear login maintainers, currently we have the following code executed during
> > > boot:
> > > 
> > > 	# Create /var/run/utmp so we can login.
> > > 	true > /var/run/utmp
> > > 	if grep -q ^utmp: /etc/group
> > > 	then
> > > 		chmod 664 /var/run/utmp
> > > 		chgrp utmp /var/run/utmp
> > > 	fi
> > > 
> > > It seems that system boots and works just fine without it. Are there any
> > > subtle reasons to keep creating /var/run/utmp in initscripts?
> >
> > Is the above pseudocode?  If not, where is that code precisely?
> 
> It is from /etc/init.d/bootmisc.sh from initscripts=2.94-3, lines 28-34.
> 
> > Near as I can tell, if you do not create it, it will never exist,
> > and pututent entries will not be saved.
> 
> According to my experiments, it will. Even if I remove this code, something
> (login/getty, maybe?) still creates /var/run/utmp, root:root.

Which init was used in your experiments?

If it was systemd or anything else honoring tmpfiles.d,
/lib/tmpfiles.d/systemd.conf has:

F! /run/utmp 0664 root utmp -

> Thus I am asking your advice, whether it is safe to not create
> /var/run/utmp in initscripts.

Depending on the init, removing initscripts is already allowed, and
it's likely that fresh installs do not even get it installed
anymore.

Chris


