Description of problem: Right now when /etc/services is updated it will replace the old version. This is a security problem since it may disable iptables the next time it is launched if the firewall configuration uses ports the user added manually to the local section. Since iptables is not checked when services is updated the failure can occur much later. People do not always stay before the boot screen to check no service failed (and since the system will usually behave the same without iptables the problem might not be identified till the system is rooted).
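The check the report says is missing, as an added example (not part of the original bug thread or of the setup package): it parses a services file and an iptables-save style ruleset and lists every named port that no longer resolves. The sample files and the names `myapp` and `localsvc` are constructed for illustration.

```python
import re

# Constructed sample data (not from the report): a services file after an
# update, and an iptables-save style ruleset using two locally added names.
SERVICES = """\
ssh      22/tcp
http     80/tcp    www www-http   # aliases follow the port/protocol field
domain   53/udp
"""
RULES = """\
*filter
-A INPUT -p tcp -m tcp --dport ssh -j ACCEPT
-A INPUT -p tcp -m tcp --dport www -j ACCEPT
-A INPUT -p tcp -m tcp --dport myapp -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m multiport --dports http,8080:8090,localsvc -j ACCEPT
COMMIT
"""
PROTO_OPT = re.compile(r"(?:^|\s)(?:-p|--protocol)\s+(?:!\s+)?(\S+)")
PORT_OPT = re.compile(
    r"--(?:dports?|sports?|ports|(?:destination|source)-ports?)\s+(?:!\s+)?(\S+)")

def parse_services(text):
    """Return the set of (name, protocol) pairs, aliases included."""
    known = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        proto = fields[1].split("/", 1)[1].lower()
        known.update((name, proto) for name in [fields[0]] + fields[2:])
    return known

def unresolved_ports(rules_text, known):
    """Return (line_no, name, protocol) for each named port not in `known`."""
    missing = []
    for no, line in enumerate(rules_text.splitlines(), 1):
        if not line.startswith("-A"):
            continue  # table headers, chain policies, COMMIT
        m = PROTO_OPT.search(line)
        proto = m.group(1).lower() if m else None
        for spec in PORT_OPT.findall(line):
            for token in re.split(r"[,:]", spec):  # multiport lists, ranges
                if token and not token.isdigit() and (token, proto) not in known:
                    missing.append((no, token, proto))
    return missing

if __name__ == "__main__":
    for no, name, proto in unresolved_ports(RULES, parse_services(SERVICES)):
        print(f"rule line {no}: service '{name}/{proto}' is not declared")
```

Feeding it the contents of the real services file and saved ruleset right after a package update surfaces the broken rule at update time instead of at the next firewall start.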
Taking as part of bugweek.
Fixed in setup-2.5.34-2
Of course, this means that now if you edit /etc/services, packages may not work correctly. Really need an /etc/services.d/ or something to avoid people having to edit a file that needs to be automatically updated.
Agreed, in the long run we'll need something like you propose.
I'm removing the security severity of this issue. This should no longer be a security issue.
Do you mean iptables no longer silently stops at startup if one of its rules uses a port that was undeclared by an /etc/services update? That's why the bug was declared security severity.
Changing to ASSIGNED. Rick, can you confirm Nicolas's question? Nicolas, would you please file an enhancement request with Owen's proposal? Thanks.
Will do
As the new setup package now contains nearly the complete official IANA list I think we can safely close this bug as RAWHIDE. If there are any more services missing they are unofficial and need to be added manually from a sysadmin now then anyway. Read ya, Phil