Re: PATCH: scripts/package/mkspec

From: Kevin Fenzi
Date: Sat Jan 01 2005 - 17:19:14 EST


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>>>> "Wichert" == Wichert Akkerman <wichert@xxxxxxxxx> writes:

Wichert> Previously Kevin Fenzi wrote:
>> So, after installing the kernel rpm it checks for /sbin/mkinitrd
>> and makes an initrd file for the newly installed kernel rpm. It
>> also checks for a /sbin/new-kernel-package command and runs it on
>> the new kernel if it exists to add the new kernel/initrd to
>> grub/lilo.

Wichert> Why not use the same system as the Debian package uses? That
Wichert> runs everything in /etc/kernel/postinst.d/ after installing
Wichert> and everything in /etc/kernel/prerm.d/ before removing a
Wichert> package.

Wichert> That is much more flexible than hardcoding something like
Wichert> mkinitrd or new-kernel-package: it works on all architectures
Wichert> and gives the administratie full freedom to hook into things.

Humm... yeah, there would be some advantages to that kind of setup.
Flexable, easier to add/remove things you want done on
install/uninstall.

However, it seems like it would also be most vulnerable to security
issues. All an attacker needs to do is get a link/file into one of
those dirs and they could execute any commands they like.

Also, seems like it would be harder to audit and see whats going to
happen on install/removal.

Are a base set of commands/scripts provided by the kernel package? Or
do they come in some other package?

Wichert> Wichert.

kevin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8 <http://mailcrypt.sourceforge.net/>

iD8DBQFB1yGn3imCezTjY0ERAhJZAJ9J306nUzO03wXRrIjg5RCKptJbagCffKqV
3HIHMSWenBkhVSLlqictlUc=
=ccl2
-----END PGP SIGNATURE-----
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/