[arch-projects] [initscripts][PATCH 2/2] rc.d: Add check to cleanly abort rc.d script if user doesn't have root privileges

Tom Gundersen teg at jklm.no
Thu Jul 28 19:32:40 EDT 2011

On Fri, Jul 29, 2011 at 1:14 AM, Seblu <seblu at seblu.net> wrote:
> Dave, Tom, i see your comments in this bug :
> https://bugs.archlinux.org/task/25271 and this doesn't make be happy.
> Here I wanted to make adjustments while maintaining the will to
> implement this bug. As i said from the begining, maybe we cannot want
> to do that...

I just added a quick fix for this release (essentially a revert), we
can figure out what to do properly for the next release.

I think we'll have to turn the logic on its head. By default we should
only block things we know are always ok to block (like Eric's original
patch, we could maintain a list of actions that always need root), or
things which the rc script author has checked are ok to block (the
inverse of how it is now, it should be possible to opt-in for
requiring root).

This way we cannot get regressions in user-created scripts or scripts
that just happen not to have been updated.

Remember that a false positive (trying to do something that requires
root) is always fine, as the call will fail. However, a false negative
(blocking something which does not need root) is not ok as it is
essentially a regression in functionality as Dan points out.



More information about the arch-projects mailing list