Package: molly-guard Version: 0.3-2 Severity: wishlist At present molly-guard checks that you are a non-local user before prompting yo for the server name, but this test does not, and can not check for a variety of circumstances where a user is non-local, such as:
- User starts screen session locally, then connects to it remotely. - Machine is being accessed via Integrated Lights-Out Management console. - Machine is one of many attached to a monitor switching device. and other similar scenarios. Ideally this 'always on' behaviour would be controlled by a debconf question on installation which I think should probably default to 'yes', since we should assume that any environment where molly-guard is installed should be conservatively protected from accidental shutdown - else why would it have been installed in the first place? Below is a patch which implements the basic behaviour, however this does not default to 'always on'. ============================================================ diff --git a/shutdown b/shutdown index 29bd8fe..95af392 100755 --- a/shutdown +++ b/shutdown @@ -11,6 +11,9 @@ set -eu ME=molly-guard +ALWAYS_MOLLY=${ALWAYS_MOLLY:-"0"} +[ -f /etc/default/${ME} ] && . /etc/default/${ME} + CMD="${0##*/}" EXEC="/sbin/$CMD" @@ -39,8 +42,8 @@ usage() Instead of invoking $EXEC directly, $ME will prompt the user for the machine's hostname to guard against accidental shutdowns/reboots, if the - current shell is a child of an SSH connection (or --pretend-ssh) has been - given on the command line, if the shell is connected to an interactive + current shell is a child of an SSH connection (or --pretend-ssh has been + given on the command line), if the shell is connected to an interactive terminal, and the actual command to execute is does not involve --help or is \`shutdown -c'. @@ -49,6 +52,9 @@ usage() make $ME echo the command it would execute rather than actually executing it. + $ME will always interpose the prompt if the environment variable ALWAYS_MOLLY + is set to '1'. This variable may be set in the file /etc/default/${ME} . + The actual command's help output follows: _eousage @@ -87,18 +93,22 @@ fi # require an interactive terminal connected to stdin test -t 0 || do_real_cmd -# only run if we are being called over SSH, that is if the current terminal -# was created by sshd. -PTS=$(readlink /proc/$$/fd/0) -if ! pgrep -f "^sshd.+${PTS#/dev/}[[:space:]]*$" >/dev/null \ - && [ -z "$SSH_CONNECTION" ]; then - if [ $PRETEND_SSH -eq 1 ]; then - echo "I: this is not an SSH session, but --pretend-ssh was given..." - else - do_real_cmd - fi +if [ ${ALWAYS_MOLLY} -eq 1 ]; then + echo "W: $ME: ${EXEC} is always molly-guarded on this server." else - echo "W: $ME: SSH session detected!" + # only run if we are being called over SSH, that is if the current terminal + # was created by sshd. + PTS=$(readlink /proc/$$/fd/0) + if ! pgrep -f "^sshd.+${PTS#/dev/}[[:space:]]*$" >/dev/null \ + && [ -z "$SSH_CONNECTION" ]; then + if [ $PRETEND_SSH -eq 1 ]; then + echo "I: this is not an SSH session, but --pretend-ssh was given..." + else + do_real_cmd + fi + else + echo "W: $ME: SSH session detected!" + fi fi # pass through certain commands ============================================================ -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.24.2-mousy Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_NZ.UTF-8) Versions of packages molly-guard depends on: ii sysvinit 2.86.ds1-38 System-V-like init utilities molly-guard recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]