clone 591722 -1 -2
retitle 591722 usb-modeswitch: Broken assumptions on availability of /usr/bin/* and /var/log at boot time
severity 519722 important
retitle -1 usb-modeswitch: Recursive greps overs udev rules slow down the boot
severity -1 important
retitle -2 usb-modeswitch: Insecure usage of /tmp/gsmmodem_*
severity -2 grave
retitle -3
severity -3 normal
thanks

Hi Carlo and Marco,

and thanks for reporting and reassigning this bug. I'm hereby cloning it in
various parts in order to track the various issues you reported separately.

debian-security: the -2 above might be of interest, as advised by Marco.

Josua (upstream): please comment on the various bugs separately if possible.

On Thu, 5 Aug 2010 02:50:22 +0200, m...@linux.it (Marco d'Itri) wrote:
> For a start, usb_modeswitch is broken because it expects /usr/bin/tclsh
> (and /usr/bin/logger, and /var/log/ and probably more) to be available
> at boot time.

That will be tracked as #591722.

> To the usb_modeswitch maintainer: please also remove from the script
> crap like the recursive greps over /etc/udev/rules.d /lib/udev/rules.d
> which make the boot unnecessarily slower. If this is needed because
> another package is buggy then have it fixed and add a conflict.

That will be tracked as #-1.

> And unless I am missing something, the usage of /tmp/gsmmodem_* is
> insecure (if confirmed, please clone the bug and contact the security
> team). And expected to *not* work at boot time. And subject to races.
> And just plain ugly. What did the author think?

This as #-2.

> Last but not least, if the program started by a RUN rule really needs to
> sleep multiple times (hint: probably not with a modern kernel) then it
> must fork and daemonize.

And this as #-3.

Thanks in advance for eventual advice,

OdyX