Revision 24220,
929 bytes
checked in by broder, 15 years ago
(diff) |
In liblocker:
* Make /var/run/attachtab/.{,dir}lock owned by root at startup to
prevent a potential DoS from the first user to attach a locker.
* Make /var/run/attachtab/ 770 instead of 777 to prevent unprivileged
users from being able to get to and potentially manipulate entries
they created in the attachtab.
* Don't ship the attachtab as part of the package; instead create it
during installation by running the init script.
|
Line | |
---|
1 | #!/bin/sh |
---|
2 | ### BEGIN INIT INFO |
---|
3 | # Provides: attachtab |
---|
4 | # Required-Start: $local_fs |
---|
5 | # Required-Stop: |
---|
6 | # Default-Start: S |
---|
7 | # Default-Stop: |
---|
8 | # Short-Description: Creates attachtab. |
---|
9 | # Description: Creates /var/run/attachtab. |
---|
10 | ### END INIT INFO |
---|
11 | |
---|
12 | if [ -e /lib/lsb/init-functions ]; then |
---|
13 | . /lib/lsb/init-functions |
---|
14 | else |
---|
15 | alias log_action_begin_msg="echo -n" |
---|
16 | log_action_end_msg () { |
---|
17 | echo . |
---|
18 | } |
---|
19 | fi |
---|
20 | |
---|
21 | case "$1" in |
---|
22 | start) |
---|
23 | for dir in /var/run/attachtab \ |
---|
24 | /var/run/attachtab/directory \ |
---|
25 | /var/run/attachtab/locker \ |
---|
26 | /var/run/attachtab/mountpoint; do |
---|
27 | if ! [ -e "$dir" ]; then |
---|
28 | mkdir -m 2770 "$dir" |
---|
29 | chown root:attach "$dir" |
---|
30 | fi |
---|
31 | done |
---|
32 | for lock in /var/run/attachtab/.lock \ |
---|
33 | /var/run/attachtab/.dirlock; do |
---|
34 | touch "$lock" |
---|
35 | chown root:attach "$lock" |
---|
36 | chmod 660 "$lock" |
---|
37 | done |
---|
38 | ;; |
---|
39 | restart|stop|force-reload) |
---|
40 | ;; |
---|
41 | *) |
---|
42 | echo "Usage: $0 {start}" >&2 |
---|
43 | exit 3 |
---|
44 | ;; |
---|
45 | esac |
---|
46 | |
---|
47 | : |
---|
Note: See
TracBrowser
for help on using the repository browser.