Bug#546401: marked as done (sysv-rc: Please reintroduce support for /etc/rc.boot)

Thu, 27 Dec 2018 02:30:33 -0800 

Your message dated Thu, 27 Dec 2018 10:26:40 +0000
with message-id <[email protected]>
and subject line Bug#546401: fixed in sysvinit 2.93-2
has caused the Debian Bug report #546401,
regarding sysv-rc: Please reintroduce support for /etc/rc.boot
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
546401: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546401
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: sysvinit
Version: 2.87dsf-3
Severity: critical

from the changelog:

  * Drop execution of files in /etc/rc.boot from sysv-rc.  This feature
    have been obsolete since before 1999.  Remove the rc.boot(5) manual
    page from the source as well.

WTF?

WHY?

this bone-headed decision just left my entire network wide open to
the internet because my /etc/rc.boot/00firewall script didn't run
after rebooting to upgrade to kernel 2.6.31, and the flood of spambots
took down my mail server along with associated load-related problems
(hundreds of CRON jobs starved for CPU, rsyslog and named maxed out)

and it was only "luck" that one of my testing accounts (with an insecure
dictionary-word password) had /bin/false as the shell - otherwise the
machine would have been compromised via ssh.

Sep 12 20:44:21 taz sshd[21285]: Accepted password for USERNAME_CENSORED from 
70.90.124.130 port 57020 ssh2


similarly, my /etc/rc.boot/ scripts to mail dmesg to root, and to use
blockdev to setra on all my drives didn't run either.


where the hell else am i supposed to put such scripts?

/etc/rc.boot hasn't been OK for packages to use for years, but it is THE
location for local boot scripts to exist, with all the usual benefits
of being run by run-parts (e.g. files with "." in them not executed).

it's listed in the Debian FAQ /usr/share/doc/debian/FAQ/debian-faq.en.txt.gz
at around line 3500:

     "Then, for compatibility, it runs the files (except those with a
     `.'in the filename) in `/etc/rc.boot/' too.  Any scripts in the
     latter directory are usually reserved for system administrator use,
                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     and using them in packages is deprecated."


please revert this change, or at least provide an equivalent alternative.
you can't just take away useful - even vital - functionality like this
without warning.



flagged as critical because of the security problems this causes.

craig

-- 
craig sanders <[email protected]>

--- End Message ---
--- Begin Message --- 
Source: sysvinit
Source-Version: 2.93-2

We believe that the bug you reported is fixed in the latest version of
sysvinit, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Bogatov <[email protected]> (supplier of updated sysvinit package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 27 Dec 2018 09:49:41 +0000
Source: sysvinit
Binary: sysvinit-core sysvinit-utils sysv-rc initscripts bootlogd
Architecture: source
Version: 2.93-2
Distribution: unstable
Urgency: medium
Maintainer: Debian sysvinit maintainers 
<[email protected]>
Changed-By: Dmitry Bogatov <[email protected]>
Description:
 bootlogd   - daemon to log boot messages
 initscripts - scripts for initializing and shutting down the system
 sysv-rc    - System-V-like runlevel change mechanism
 sysvinit-core - System-V-like init utilities
 sysvinit-utils - System-V-like utilities
Closes: 546401 717356 725970 822753 823660 915159 915671 916624
Changes:
 sysvinit (2.93-2) unstable; urgency=medium
 .
   * Update German translation of debconf templates (Closes: #915159)
     + Thanks: Chris Leick <[email protected]>
   * Fix support of /tmp being symbolic link to non-existent directory
     (Closes: #915671)
     + Thanks: Serge Belyshev <[email protected]>
     + Thanks: Thorsten Glaser <[email protected]>
   * Invoke top-level upstream Makefile from `debian/rules'. This
     way VERSION macro is set correctly in source code.
   * Update French translation of debconf templates (Closes: #916624)
     + Thanks: Steve Petruzzello <[email protected]>
   * Remove misleading commends in `/etc/init.d/rc' (Closes: #717356)
     + Thanks: Алексей Шилин <[email protected]>
   * Disable concurrent boot if kernel boot parameter `concurrency=none'
     is present (Closes: #725970)
   * Re-introduce support for /etc/boot.d directory with scripts
     (Closes: #546401)
   * Fix bug number typo in changelog (Closes: #823660)
   * Do not mask errors in `init-d-script' (Closes: #822753)
Checksums-Sha1:
 b008b1860ed8296012616a56ed9fa9af6a4533a0 2769 sysvinit_2.93-2.dsc
 a5c7282a0ccf8a9fbfd43ae0e2472fec68610955 128652 sysvinit_2.93-2.debian.tar.xz
Checksums-Sha256:
 ba73ac6cfe33eff94de02ea63222c72cfd8aed4f3d7d065ffc84f9ac1ad4c886 2769 
sysvinit_2.93-2.dsc
 22750c8ad322af38bfe0926288cc534a20fbb55addee2db0b21bb11e4f37bfb6 128652 
sysvinit_2.93-2.debian.tar.xz
Files:
 542eb2ae3c6a4827b919904aabb2ee81 2769 admin optional sysvinit_2.93-2.dsc
 018d1fe0b8043bf8672f7b6f3ed9e33f 128652 admin optional 
sysvinit_2.93-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQJHBAEBCgAxFiEEhnHVzDbtdH7ktKj4SBLY3qgmEeYFAlwkodsTHGthY3Rpb25A
ZGViaWFuLm9yZwAKCRBIEtjeqCYR5tkmD/47nVZfoBXhBPOntlA9Fahtxh+g1fqL
J0kllw+HOB5F14Zd7t3ATKdJtxayWSz2w5HW6vlYuoQIEC9fTtIEkvx7maed4DIS
epA9W0j3cMh3dAD7dua6LOXEhL0XK3ooGQZg5NSBKGO1lM3qxDFuhTKqklNcNL9i
5pWQ+RLvSiVfuoNYEYJIaad6IwNfhCw+/LS6K/ZLPOacYFuS7zp38MJxTiPYaTCd
svlP1qzFA4Ip/V6FNqp0itKZaxnmESWrxODumz6/dzHx0X90I1OP4T9PJp5Faas0
lZNHLbg57sZY37KIByzF4mkNHgideyqsZ3HQquVSgeNJ5Q7KPvkts5zmEf8m8iVM
uQ/vB3amkORoKrUwk/566m1GcrjAFsb+YMcN9l7lpCi7kdkUn/3RYupQW6fMCQ2+
YrXJMvPGyD7AGxTizZXZ39MIybOkvtWQQm+QY/huYndkuk9xPOXDPO+HEtzmhX8c
KbOdejI2V42TUSBcwaDYfKSOIBoZnIeaqpAvUXcO78ed4zM+pzlF5u4sPjEiBPlU
Ns1/s5gq5n9+jK46GuU5P/Ii7HTrmjrRQMQZ61FHevYKkb7+lWCXB4LoCPyRGiVp
3BXBM66YHV17DMVU3UytBQUPvmiF2zpxIXxNMzkq/jXJG4WWpDlwv+6371lYgyV+
0eL1j1MPso3Zyg==
=W3cd
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to