Bug 21061 - (kudzu, /tmp/ranXconfig) 'This is a sick and gross hack' opens up oppetunites for mischif
Summary: (kudzu, /tmp/ranXconfig) 'This is a sick and gross hack' opens up oppetunites...
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: kudzu   
(Show other bugs)
Version: 7.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact: David Lawrence
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-11-18 23:00 UTC by Andrew Bartlett
Modified: 2014-03-17 02:17 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-11-18 23:00:24 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Andrew Bartlett 2000-11-18 23:00:21 UTC
This code in hwconf.c
        if (x==0) {
                /* This is a sick and gross hack. */
                fd=open("/tmp/ranXconfig",O_CREAT|O_EXCL,0644);
                if (fd!=-1) close(fd);
        }

and the corrosponding test in /etc/rc.d/init.d

        # However, if they did configure X and want runlevel 5, let's
        # switch to it...
        if [ -f /tmp/ranXconfig ]; then
            grep -q "^id:5:initdefault:" /etc/inittab && telinit 5
        fi

Can allow a user to force a system into run-level 5, even if the sys-admin
selected level 3 at bootup.  (Assuming that run-level 5 is the default) 

This is done by a simple 'touch /tmp/ranXconfig', and will confuse the
inexpreinced admin no end.  (Tested on RH 7, looks like it will work on
6.2)

Wouldn't it be better to use an environemnt variable or the like to convay
this instruction?  (Or at least check that root put the file there in the
first place)

Comment 1 Bill Nottingham 2000-11-19 06:02:28 UTC
Environment variables would be tricky; you can't really populate the environment
of the parent script. The simplest solution is to change it to write somewhere
safer (say, /var/run.)

Will be fixed in kudzu-0.80-1.


Note You need to log in before you can comment on or make changes to this bug.