Subject: bin/12752: /etc/rc.d/ipfilter status is nonstandard
To: None <gnats-bugs@gnats.netbsd.org>
From: Tim Rightnour <root@polaris.garbled.net>
List: netbsd-bugs
Date: 04/25/2001 12:08:09
>Number: 12752
>Category: bin
>Synopsis: /etc/rc.d/ipfilter status is nonstandard
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Apr 25 11:51:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Tim Rightnour
>Release: 1.5<NetBSD-current source date>
>Organization:
>Environment:
System: NetBSD polaris 1.5_ALPHA2 NetBSD 1.5_ALPHA2 (POLARIS) #1: Wed Dec 13 00:45:28 MST 2000 root@polaris:/usr/src/sys/arch/i386/compile/POLARIS i386
>Description:
/etc/rc.d/ipfilter does not produce output consistent with every other
script in /etc/rc.d. This makes it impossible to write any sort of
automation that reads the output, and then makes decisions based upon that.
If you run any script in /etc/rc.d, you get:
polaris# /etc/rc.d/yppasswdd status
yppasswdd is running as pid 22262.
If you run ipfilter as root, you get:
polaris# /etc/rc.d/ipfilter forcestatus
ipf: IP Filter: v3.4.9 (264)
Kernel: IP Filter: v3.4.9
Running: no
Log Flags: 0 = none set
Default: pass all, Logging: unavailable
Active list: 0
If you run it as a normal user, you get:
polaris% /etc/rc.d/ipfilter forcestatus
ipf: IP Filter: v3.4.9 (264)
open device: Permission denied
>How-To-Repeat:
Try running the script.
>Fix:
The status function should be rewritten to read ipf -V's output and
do the right thing. While a PID might be impossible, running/not running
seems to be indicated. The non-root-user behavior is unfortunate, and
perhaps cannot be fixed without mangling ipf.
The other functions should also be checked for their output, as I have not
tried them.
>Release-Note:
>Audit-Trail:
>Unformatted:
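
Added example, not part of the original report or of NetBSD's rc.d scripts: one way a status routine could read ipf -V output, as the Fix section suggests, and print a single line in the style of the other scripts. The function name, the messages and the exit codes are assumptions, and the "Running: yes" sample is constructed.

```shell
#!/bin/sh
# Added example: a hypothetical helper, not code from /etc/rc.d/ipfilter.
# Reads `ipf -V` output on stdin and prints one rc.d-style status line.
# Exit codes are an assumption: 0 running, 1 not running, 2 unknown.
ipfilter_status_line() {
	_state=unknown
	while IFS= read -r _line; do
		case "$_line" in
		Running:*yes*) _state=running ;;
		Running:*no*)  _state=stopped ;;
		*"Permission denied"*)
			# Non-root callers cannot open the device; report that
			# instead of guessing a state.
			if [ "$_state" = unknown ]; then _state=denied; fi
			;;
		esac
	done
	case "$_state" in
	running) echo "ipfilter is running."; return 0 ;;
	stopped) echo "ipfilter is not running."; return 1 ;;
	denied)  echo "ipfilter status is unknown (permission denied)."; return 2 ;;
	*)       echo "ipfilter status is unknown."; return 2 ;;
	esac
}

# Sample inputs: the first two are the outputs quoted in the report,
# the third is constructed for the enabled case.
SAMPLE_ROOT_STOPPED='ipf: IP Filter: v3.4.9 (264)
Kernel: IP Filter: v3.4.9
Running: no
Log Flags: 0 = none set
Default: pass all, Logging: unavailable
Active list: 0'
SAMPLE_USER_DENIED='ipf: IP Filter: v3.4.9 (264)
open device: Permission denied'
SAMPLE_ROOT_RUNNING='ipf: IP Filter: v3.4.9 (264)
Kernel: IP Filter: v3.4.9
Running: yes'

# Demo over the samples; on a live system the input would come from:
#   ipf -V 2>&1 | ipfilter_status_line
for _s in "$SAMPLE_ROOT_STOPPED" "$SAMPLE_USER_DENIED" "$SAMPLE_ROOT_RUNNING"; do
	printf '%s\n' "$_s" | ipfilter_status_line || :
done
```

Automation can then branch on the exit code alone and treat 2 as "cannot tell" rather than as "stopped".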