Re: [Bastille-linux-discuss] bastille-firewall-early.sh, B_place, 'rpm -e' again
From: Jay B. <ja...@ba...> - 2001-05-13 03:41:41
In the wise words of Peter W:
> It's mostly minor, yes, but I think this raises the old 'rpm -e' question
> again. Comments follow.
>
> On Sat, May 12, 2001 at 12:07:00PM -0400, James W. Durkin wrote:
>
> > I believe there is a (relatively) small problem in the current version
> > of the main Bastille RPM.
> >
> > The file "bastille-firewall-early.sh" is placed directly into
> > /etc/Bastille rather than into /usr/share/Bastille, as is the case
> > with the other firewall files (e.g., "bastille-firewall"). The result
> > is that the following code in Firewall.pm fails
>
> Jay? I think this one is yours! IIRC, Jay changed this for Mandrake users,
> something about their "tinyfirewall" package... I forget exactly what/why.

Right. So, I don't think this was to make tinyfirewall work. It looks
like an oversight on my part that happened to slip by because it didn't
"break" anything during testing. This is where I remind myself that code
audits are good things. (We'll begin a formalized one shortly after 1.2.0
is out.)

> > I guess the permissions on the copied file ($firewall_early_file)
> > might want to be 0500 as well, since it is a script.
>
> The problem this does raise is that the "early" script may be improperly
> vaporized if someone removes the Bastille package. We had a long thread
> about this a while back, but I haven't looked at recent spec files to see
> if Jay implemented the pre-uninstall and post-uninstall routines needed to
> ensure that would not happen. Jay?

I don't really remember this, but I'll make sure we get this into the
spec file and rebuild the rpm.

- Jay