[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Local users get to play root?

[At the risk of letting this get lost in the shuffle of this

Seth Vidal wrote:
> If there are pkgs which run daemons which are defaulting to ON when
> installed or on next reboot - then we should be auditing those pkgs.
> Last I checked we default to OFF and that should continue to be the
> case.

I happened to install func the other day on several Fedora and CentOS
boxes and was surprised that both services defaulted to on.

Trying this on clean Fedora 12 box I found that a combination of a
poor init script and the presence of redhat-lsb had prevented the
services from being configured as the packages intend them to be:

$ sudo yum install certmaster
$ sudo chkconfig --list certmaster
service certmaster supports chkconfig, but is not referenced in any runlevel (run 'chkconfig --add certmaster')

The problem is that %post checks first for the presence of
/usr/lib/lsb/install_initd, which redhat-lsb provides:

# for suse
if [ -x /usr/lib/lsb/install_initd ]; then
  /usr/lib/lsb/install_initd /etc/init.d/funcd
# for red hat distros
elif [ -x /sbin/chkconfig ]; then
  /sbin/chkconfig --add funcd

Fortunately, neither funcd nor certmaster provide critical things
like, say, remote control of a system. ;)

Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
We are free not because we claim freedom, but because we PRACTICE it.
    -- William Faulkner

Attachment: pgpJQ8YMlHq4K.pgp
Description: PGP signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]