NetBSD Problem Report #356

From gnats  Thu Jul 21 06:40:59 1994
Received: from sparky.sterling.com (sparky.sterling.com [192.124.9.1]) by sun-lamp.cs.berkeley.edu (8.6.9/8.6.9) with SMTP id GAA03514 for <gnats-bugs@sun-lamp.cs.berkeley.edu>; Thu, 21 Jul 1994 06:40:58 -0700
Message-Id: <199407211245.HAA08069@sierra.weeville.com>
Date: Thu, 21 Jul 1994 07:45:53 -0500
From: dsndata!randy%sierra@sterling.com
Reply-To: dsndata!randy%sierra@sterling.com
To: gnats-bugs@sun-lamp.cs.berkeley.edu
Subject: Symbolically linked /var not supported by /etc/security
X-Send-Pr-Version: 3.2

>Number:         356
>Category:       security
>Synopsis:       /etc/security does not appear to traverse symbolic links
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    gnats-admin
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jul 21 06:50:04 +0000 1994
>Closed-Date:    Mon Jul 06 08:58:28 +0000 1998
>Last-Modified:  Mon Jul 06 09:04:32 +0000 1998
>Originator:     Randy Terbush
>Release:        /etc/security from about the July 2 tar_files
>Organization:
Zyzzyva Enterprises
>Environment:
System: NetBSD sierra.weeville.com 1.0-ALPHA NetBSD 1.0-ALPHA (SIERRA) #6: Wed Jul 20 21:15:32 CDT 1994 kroot@sierra.weeville.com:/usr/src/sys/arch/i386/compile/SIERRA i386


>Description:
Daily security check gives the following errors for my
symbolically linked /var.

Checking special files and directories.
missing: ./var/account
missing: ./var/account/acct
missing: ./var/at
missing: ./var/backups
missing: ./var/db
missing: ./var/db/kvm_vmunix.db
missing: ./var/log
missing: ./var/log/secure
missing: ./var/log/wtmp
missing: ./var/mail
missing: ./var/preserve
missing: ./var/run
missing: ./var/run/utmp
missing: ./var/spool
missing: ./var/spool/ftp
missing: ./var/spool/ftp/bin
missing: ./var/spool/ftp/bin/ls
missing: ./var/spool/ftp/etc
missing: ./var/spool/ftp/etc/group
missing: ./var/spool/ftp/etc/localtime
missing: ./var/spool/ftp/etc/master.passwd
missing: ./var/spool/ftp/etc/passwd
missing: ./var/spool/ftp/hidden
missing: ./var/spool/ftp/pub
missing: ./var/spool/mqueue
missing: ./var/spool/news
missing: ./var/spool/output
missing: ./var/spool/secretmail
missing: ./var/spool/uucp
missing: ./var/spool/uucppublic
sed: *.secure: No such file or directory
mtree: *.secure: No such file or directory

>How-To-Repeat:
	symlink /var to /usr/var and run /etc/security

>Fix:
	I suspect that -follow needs to be added to 'find', but have
	not tested this change.
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->analyzed 
State-Changed-By: mrg 
State-Changed-When: Tue May 21 19:06:36 EDT 1996 
State-Changed-Why:  
this bug is in mtree.  perhaps mtree should be fixed to realise that 
these directories *do* exist .. but perhaps not. 
State-Changed-From-To: analyzed->closed 
State-Changed-By: fair 
State-Changed-When: Mon Jul 6 01:58:28 PDT 1998 
State-Changed-Why:  
This PR has been languishing for a long time with no change. Quick examination 
of the issue leads me to close the PR because of mtree's use in the 
context of /etc/security - it is a check on system integrity. By default, 
the source that mtree uses is what is from the NetBSD distribution, i.e. a 
conventional system configuration. When a system's configuration deviates 
from that expected norm, the mtree files used to check the system 
integrity should be changed to reflect the differing filesystem layout, no 
matter how it was achieved (symlinks, different mount points, etc). 

In particular, since this is an integrity check, changes of this nature in 
system configuration are NOT something that mtree should automatically 
accept. 
>Unformatted:
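
The closing rationale above (an integrity check must not silently accept a relocated /var; the spec is edited to declare it instead), as an added Python example that is not part of this PR and is not mtree's implementation. The spec format, function names and sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Constructed spec in a hypothetical format: path -> expected type.
STOCK_SPEC = {"var": "dir", "var/log": "dir", "var/log/secure": "file"}
# The same layout after the administrator declares the relocated /var explicitly.
LOCAL_SPEC = {"var": "link:usr/var", "usr/var": "dir", "usr/var/log": "dir",
              "usr/var/log/secure": "file"}

def describe(full):
    st = os.lstat(full)  # lstat: the final path component is never followed
    if stat.S_ISLNK(st.st_mode):
        return "link:" + os.readlink(full)
    return "dir" if stat.S_ISDIR(st.st_mode) else "file"

def check(root, spec):
    """Compare spec to the tree under root without walking through symlinks."""
    findings, not_descended = [], []
    for path in sorted(spec):  # parents sort before their children
        if any(path.startswith(p + "/") for p in not_descended):
            findings.append(f"missing: ./{path}")
            continue
        try:
            got = describe(os.path.join(root, path))
        except (FileNotFoundError, NotADirectoryError):
            findings.append(f"missing: ./{path}")
            not_descended.append(path)
            continue
        if got != spec[path]:
            findings.append(f"mismatch: ./{path} expected {spec[path]}, found {got}")
            not_descended.append(path)  # an undeclared link is reported, not followed
    return findings

def build_relocated_root():
    """Constructed sample tree: real data lives in usr/var, var is a symlink to it."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "usr/var/log"))
    open(os.path.join(root, "usr/var/log/secure"), "w").close()
    os.symlink("usr/var", os.path.join(root, "var"))
    return root
```

Because the declared link target is part of the spec, a later change of where var points is itself reported as a mismatch.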
