Comment 1 for bug 7496

In , Miquel van Smoorenburg (miquels-cistron) wrote : Re: Bug#264234: initscripts: bootclean.sh file creation vulnerability

On Sat, 07 Aug 2004 20:38:06, Zygo Blaxell wrote:
> Package: initscripts
> Version: 2.86-1
> Severity: normal
>
> While rejecting modifications to bootclean.sh today, I noticed a line
> that read:
>
> :>> /tmp/.clean
>
> This suggests at least a file creation security vulnerability exploitable
> as follows:

Well, it would indeed be a good idea to remove /tmp/.clean early in
the boot process to prevent this. However, on a standard system this
cannot happen.

At shutdown time, /etc/init.d/umountnfs.sh (which is really badly
named, I admit) removes /tmp/.clean, so that should be sufficient.

Unless an attacker creates a symlink in /tmp/.clean and finds
a way to hard-reboot the kernel (using, say, a kernel vulnerability
like 2.4.25 had).

Severity can stay at "normal" for now, I guess.

Mike.
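
The following is an added example, not part of the message above and not code from the initscripts package. It contrasts the quoted `:>>` form with a flag-file creation that removes the path first and then creates it under noclobber. The helper names are hypothetical, and every path is a constructed stand-in inside a private `mktemp -d` directory rather than the real /tmp/.clean.

```sh
#!/bin/sh
# Added example. Helper names are hypothetical; all paths are constructed
# stand-ins inside a private mktemp directory, not the real /tmp/.clean.

# Form quoted from bootclean.sh: ":>>" opens with O_CREAT and follows
# symlinks, so a dangling link at the path makes the shell create its target.
weak_touch() {
    :>> "$1"
}

# Creation under noclobber: bash and dash open a path that does not resolve
# with O_CREAT|O_EXCL, which fails on a symlink instead of following it.
excl_touch() {
    ( set -C; : > "$1" ) 2>/dev/null
}

# Hardened form: remove whatever sits at the path (the "remove it early in
# boot" idea from the reply), then create exclusively so a link planted
# between the two steps is refused rather than followed.
safe_touch() {
    rm -f -- "$1" || return 1
    excl_touch "$1"
}

# Returns 0 if the named touch function ended up creating the file that a
# dangling symlink at ".clean" points to, 1 if the target stayed absent.
target_created_by() {
    dir=$(mktemp -d) || return 2
    ln -s "$dir/victim" "$dir/.clean"     # constructed dangling symlink
    "$1" "$dir/.clean" || true
    if [ -e "$dir/victim" ]; then rc=0; else rc=1; fi
    rm -rf -- "$dir"
    return "$rc"
}

for f in weak_touch excl_touch safe_touch; do
    if target_created_by "$f"; then
        echo "$f: followed the symlink and created its target"
    else
        echo "$f: symlink target not created"
    fi
done
```
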