11247 – RPM and upgrade errors

Bug 11247 - RPM and upgrade errors

Summary: RPM and upgrade errors

Keywords:
Status:	CLOSED DUPLICATE of bug 52190
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	rpm
Sub Component:
Version:	6.2
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Jeff Johnson
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2000-05-05 17:16 UTC by Robert Thomas
Modified:	2008-05-01 15:37 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2001-05-03 15:52:58 UTC
Embargoed:

Attachments	(Terms of Use)

Description Robert Thomas 2000-05-05 17:16:15 UTC

I applied the 6.2 upgrade to a 6.0 system not realizing that the system had
chattr +i -R'd /lib,/bin,/sbin,/usr, /etc/rc.d, /etc/mail and other misc
files.  The install script continued along its happy way NOT installing
some files nor generating any error messages.  When the machine was
rebooted, it was all messed up because it had somehow managed to delete
/etc/inittab and did not replace it with something useful.  It did manage
to update the package database so a subsequent upgrade thought everything
was up to date and didn't want to install the new software.

Comment 1 Jeff Johnson 2000-05-05 17:59:59 UTC

Um, rpm is totally unprepared to deal with chattr (or even rdonly) file systems.
Until chattr is more widely (and consistently) used, I see little need to teach
rpm about chattr. For now, just "Don't do that!".

Comment 2 Robert Thomas 2000-05-05 18:29:59 UTC

I feel that this is unfortunate.  I have been teaching a LOT of people to use
the immutable bit on critical files and directories and it has saved a number of
systems from being broken into in the past (sometimes by crackers, sometimes by
a manager who gained access to a console logged in as root).

I guess I really feel that it isn't reasonable for RPM to continue doing its
thing without telling anyone of any errors or warnings and later going 'doh
because it failed or partially failed (totally failing seems easier to deal with
than partially failing).  Believe me, after doing this once, the second time you
do it to yourself, you sort of feel like the Coyote (oh no!).


-Robert

Comment 3 Jeff Johnson 2000-05-05 19:19:59 UTC

The feature request for rpm is not discarded, only deferred. Before chattr,
the rdonly file system problems need to be resolved, and before that a
less naive scheme than the current netsharedpath mechanism needs to be
devised.

FWIW, part of teaching people to use chattr involves explaining how
the use of chattr affects other programs like rpm, etc ...

Comment 4 Need Real Name 2001-05-03 15:52:54 UTC

This is significantly more serious than the current bug report gives credit.
We recently found a machine with chattr +i on /bin/login and a few other files.
In particular this meant that when upgraded it silently failed up upgrade these
packages, although there was a note on one of the virtual consoles.

This was in relation to a hacking incident - it meant that if the machine
that had been hacked had been upgraded then the back door that the hacker
placed there would have survived.  This _has_ to be an issue, since
traditionally an upgrade would be considered a safe way of removing problems
with a compromised machine.

If nothing else the installation should come up with big red flags complaining
that it cannot upgrade a package.

Julian (unix-support.ac.uk)

Comment 5 Jeff Johnson 2001-08-30 18:25:14 UTC

Collecting RO problems at #52190.

*** This bug has been marked as a duplicate of 52190 ***

Note You need to log in before you can comment on or make changes to this bug.