No pre-up phase for networking with upstart and NetworkManager

Bug #484181 reported by Hadmut Danisch
This bug affects 1 person
Affects: upstart (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned

Bug Description

Binary package hint: upstart

Hi,

karmic's combination of upstart and NetworkManager contains a security flaw:

There is no pre-up phase anymore where someone can put shell script commands to configure firewalling in.

/etc/init/networking.conf runs as soon as the preconditions
"local-filesystems and stopped udevtrigger" become true.

Even if one puts another script into /etc/init which runs as soon as local-filesystems are up, there is no guarantee that it is actually run before interfaces are taken up.

Even worse, NetworkManager does not provide pre-up phases either.

So I do not see a clean way to have firewall rulesets configured before the network interfaces other than lo are taken up.

ProblemType: Bug
Architecture: i386
Date: Tue Nov 17 14:29:05 2009
DistroRelease: Ubuntu 9.10
Package: upstart 0.6.3-10
ProcEnviron:
 LANG=en_US.UTF-8
 SHELL=/usr/bin/tcsh
ProcVersionSignature: Ubuntu 2.6.31-14.48-generic
SourcePackage: upstart
Uname: Linux 2.6.31-14-generic i686

Hadmut Danisch (hadmut) wrote :
Jamie Strandboge (jdstrand) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. This particular bug has already been reported and is essentially a duplicate of bug 461725, so it is being marked as such. Rather than using if-pre-up.d, you can instead create an appropriate upstart job. Please look at the other bug report to see if there is any missing information that you can provide, or to see if there is a workaround for the bug. Additionally, any further discussion regarding the bug should occur in the other report. Feel free to continue to report any other bugs you may find.

visibility: private → public
Changed in upstart (Ubuntu):
status: New → Invalid
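
One way to write the upstart job suggested in the comment above, as an added example that is not taken from this report or from any Ubuntu package. The job file name, the ruleset path /etc/iptables.rules, and the job names network-interface and network-manager are assumptions to check against /etc/init on the target system; only networking is named in the report.

```upstart
# /etc/init/firewall-pre-up.conf  (hypothetical file name)
#
# Load the packet filter before any network job is allowed to start.
# upstart emits "starting JOB" before JOB runs and holds JOB back until
# every job triggered by that event has finished starting, so this takes
# the place of the old if-pre-up.d hook.

description "load iptables ruleset before interfaces come up"

# Job names other than "networking" are assumptions; list the jobs that
# actually bring interfaces up on the system.
start on (starting networking
          or starting network-interface
          or starting network-manager)

console output

# No main process: the job counts as running once pre-start succeeds,
# so later "starting" events find it already up and are not delayed.
pre-start script
    # Default-deny first, so that a failed restore leaves the host
    # closed rather than unfiltered. The script runs under "sh -e" and
    # stops at the first failing command.
    /sbin/iptables -P INPUT DROP
    /sbin/iptables -P FORWARD DROP

    # /etc/iptables.rules is a hypothetical path; the file is expected
    # to be in iptables-save format.
    /sbin/iptables-restore < /etc/iptables.rules
end script
```

After boot, `initctl status firewall-pre-up` should report the job as running, and `iptables -S` should show the ruleset from the file.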
This report contains Public Security information  
Everyone can see this security related information.
