
Re: SECURITY PROBLEM: autofs [all versions]



On Wed, Jul 05, 2000 at 06:57:03PM -0400, Christopher W. Curtis wrote:
> > Before running a program, well-written unix code does not have to check to
> > see if
> > 
> > * the program exists
> 
> then why do the scripts check '-f' ?

> > The test -f is added for a wholly different reason.

It's a non-standard check that has to do with Debian policy. Nobody's saying
that we couldn't enhance it somehow, just that it's not so horribly wrong.

> Perhaps policy should change then, since people aren't inclined to
> believe that '-x' is "like" '-f', but fails under fewer circumstances?

Policy says nothing related to that. If you wish to change the policy,
please use the appropriate methods, don't rant on debian-devel.

> No, everyone else has been trying to tell me that
> 
> ~# chmod -x /sbin/portmap
> ~# /etc/init.d/portmap restart
> Stopping portmap daemon: portmap.
> Starting portmap daemon: portmapstart-stop-daemon: Unable to start
> /sbin/portmap: Permission denied
> .
> 
> is either "right"

It's not wrong in the sense that it would warrant a bug report with a severity
higher than wishlist.

> or that a test -x is not 'better'.

I saw no such statement...

-- 
Digital Electronic Being Intended for Assassination and Nullification


