[slackware-security]  REVISED quotacheck security fix in rc.M (SSA:2003-141-06a)

NOTE:  The original advisory quotes a section of the Slackware ChangeLog
which had inadvertently reversed the options to quotacheck.  The correct
option to use is 'm'.  A corrected advisory follows:


An upgraded sysvinit package is available which fixes a problem with
the use of quotacheck in /etc/rc.d/rc.M.  The original version of
rc.M calls quotacheck like this:

    echo "Checking filesystem quotas:  /sbin/quotacheck -avugM"
    /sbin/quotacheck -avugM

The 'M' option is wrong.  This causes the filesystem to be remounted,
and in the process any mount flags such as nosuid, nodev, noexec,
and the like, will be reset.  The correct option to use here is 'm',
which does not attempt to remount the partition:

    echo "Checking filesystem quotas:  /sbin/quotacheck -avugm"
    /sbin/quotacheck -avugm

We recommend sites using file system quotas upgrade to this new package,
or edit /etc/rc.d/rc.M accordingly.


Here are the details from the Slackware 9.0 ChangeLog:
+--------------------------+
Tue May 20 20:13:09 PDT 2003
patches/packages/sysvinit-2.84-i386-26.tgz:  Use option m, not M, for quotacheck.
  Otherwise, the partition might be remounted losing flags like nosuid,nodev,
  noexec.  Thanks to Jem Berkes for pointing this out.
  (* Security fix *)
+--------------------------+



WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+

Updated package for Slackware 9.0: 




MD5 SIGNATURES:
+-------------+

Slackware 9.0 package:
966281dbd4e8cac23264021b9ad48f61  sysvinit-2.84-i386-26.tgz



INSTALLATION INSTRUCTIONS:
+------------------------+

Upgrade using upgradepkg (as root):

upgradepkg sysvinit-2.84-i386-26.tgz

Then, you'll need to move the new version of rc.M into place, as rc.M
is considered a config file and upgradepkg will not overwrite these by
default:

mv /etc/rc.d/rc.M.new /etc/rc.d/rc.M



+-----+

Slackware Linux Security Team 
slackware
security@slackware.com

Slackware: UPDATED: quotacheck

May 23, 2003
An upgraded sysvinit package is available which fixes a problem with the use of quotacheck in /etc/rc.d/rc.M.

Summary

Here are the details from the Slackware 9.0 ChangeLog: Tue May 20 20:13:09 PDT 2003 patches/packages/sysvinit-2.84-i386-26.tgz: Use option m, not M, for quotacheck. Otherwise, the partition might be remounted losing flags like nosuid,nodev, noexec. Thanks to Jem Berkes for pointing this out. (* Security fix *) WHERE TO FIND THE NEW PACKAGES: Updated package for Slackware 9.0: MD5 SIGNATURES: Slackware 9.0 package: 966281dbd4e8cac23264021b9ad48f61 sysvinit-2.84-i386-26.tgz INSTALLATION INSTRUCTIONS: Upgrade using upgradepkg (as root): upgradepkg sysvinit-2.84-i386-26.tgz Then, you'll need to move the new version of rc.M into place, as rc.M is considered a config file and upgradepkg will not overwrite these by default: mv /etc/rc.d/rc.M.new /etc/rc.d/rc.M Slackware Linux Security Team slackware security@slackware.com

Where Find New Packages

MD5 Signatures

Severity
[slackware-security] REVISED quotacheck security fix in rc.M (SSA:2003-141-06a)
NOTE: The original advisory quotes a section of the Slackware ChangeLog which had inadvertently reversed the options to quotacheck. The correct option to use is 'm'. A corrected advisory follows:
An upgraded sysvinit package is available which fixes a problem with the use of quotacheck in /etc/rc.d/rc.M. The original version of rc.M calls quotacheck like this:
echo "Checking filesystem quotas: /sbin/quotacheck -avugM" /sbin/quotacheck -avugM
The 'M' option is wrong. This causes the filesystem to be remounted, and in the process any mount flags such as nosuid, nodev, noexec, and the like, will be reset. The correct option to use here is 'm', which does not attempt to remount the partition:
echo "Checking filesystem quotas: /sbin/quotacheck -avugm" /sbin/quotacheck -avugm
We recommend sites using file system quotas upgrade to this new package, or edit /etc/rc.d/rc.M accordingly.

Installation Instructions

Related News

30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved