Bug 21061 - (kudzu, /tmp/ranXconfig) 'This is a sick and gross hack' opens up oppetunites for mischif
(kudzu, /tmp/ranXconfig) 'This is a sick and gross hack' opens up oppetunites...
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: kudzu (Show other bugs)
7.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
David Lawrence
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-11-18 18:00 EST by Andrew Bartlett
Modified: 2014-03-16 22:17 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-11-18 18:00:24 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Andrew Bartlett 2000-11-18 18:00:21 EST
This code in hwconf.c
        if (x==0) {
                /* This is a sick and gross hack. */
                fd=open("/tmp/ranXconfig",O_CREAT|O_EXCL,0644);
                if (fd!=-1) close(fd);
        }

and the corrosponding test in /etc/rc.d/init.d

        # However, if they did configure X and want runlevel 5, let's
        # switch to it...
        if [ -f /tmp/ranXconfig ]; then
            grep -q "^id:5:initdefault:" /etc/inittab && telinit 5
        fi

Can allow a user to force a system into run-level 5, even if the sys-admin
selected level 3 at bootup.  (Assuming that run-level 5 is the default) 

This is done by a simple 'touch /tmp/ranXconfig', and will confuse the
inexpreinced admin no end.  (Tested on RH 7, looks like it will work on
6.2)

Wouldn't it be better to use an environemnt variable or the like to convay
this instruction?  (Or at least check that root put the file there in the
first place)
Comment 1 Bill Nottingham 2000-11-19 01:02:28 EST
Environment variables would be tricky; you can't really populate the environment
of the parent script. The simplest solution is to change it to write somewhere
safer (say, /var/run.)

Will be fixed in kudzu-0.80-1.

Note You need to log in before you can comment on or make changes to this bug.