
Re: Stop reporting non-bugs as bugs!



[ Martin Schulze, please excuse this non-maintainer close of this bug, 
  but it is not a bug and could hold up hamm otherwise. ]

Joey Hess <joey@kitenet.net> writes:

> All of these should be closed. You've given fine explanations that can be
> used in closing them.

Wow, I'm not being flamed :-)

> > #24897 has changes to documentation.  Not a bug.  Send it upstream.
> 
> Well, I think this is a valid wishlist bug, though I haven't read it.

Normally I'd agree.  However, if you look at his diff, he is wanting
to increment the version number of the FAQ, make the author appear to
be himself, and make various other changes to documentation.  The diff 
is quite large, too.  Debian clearly cannot go about applying diffs to 
packages to change version numbers on included documentation.

> The bug has been confirmed through source code review and
> testing on a single machine.  Independent confirmation should

He said the same thing about other non-bugs. :-)

> Details of the bug are being deliberately withheld to give

...

> request, please send e-mail to jbj@image.dk and state why
> you have a legitimate interest in this sensitive information.

This concerns me too.

> Bug #24905

> cfingerd version 1.3.2 runs all external executables and
> scripts with root privileges.  This includes fake user
> scripts, user invoked scripts and all helper applications.

It appears to be written to drop extra privs, but I am unsure why it
needs to run as root in the first place -- why not nobody?

No, this is no bug.  Read cfingerd.conf(5):

       ALLOW_EXECUTION will allow users  to  execute  scripts  in
       place  of  their .plan, .project, and .pgp files.  This is
       used to display the standard  output  of  another  program
       directly  to  the  screen  of the user.  Keep in mind that
       this is a HUGE security risk, should you choose to use it.
       It's  normally suggested that this remain off, but you can
       turn it on if necessary. Nevertheless these  programs  are
       called as nobody.nogroup.

To be sure, I never got it to execute anything.  And you're warned
about it anyway.

This may be a compile-time option to disable ALLOW_EXECUTION
completely, so I think we can close this bug.

> For more information, please read privs.h in the cfingerd
> source and understand, that as long as cfingerd can issue
> a sequence of system calls to regain root privileges, so
> can any script invoked from cfingerd, as well as any

NO, THIS IS NOT TRUE.

When you call exec...(), the real and effective user IDs are left
unchanged.  This you may have already known.  HOWEVER, the SAVED
set-user ID is copied from the effective user ID!  This means that
once you have called exec, it is NOT possible to regain root privileges.

> As a simple test, enable a fakeuser and modify the script to look
> like this:
> 
> #!/bin/bash
> echo ${UID} ${EUID}
> 
> Then finger the fakeuser and notice that the output looks like
> this:
> 
> 0 0
> 
> meaning root root!

Environment variables mean nothing.  But you are right anyway:

root@garfield:/etc/cfingerd# finger test@localhost
[localhost]
uid=0(root) gid=0(root) groups=0(root)

However, these scripts can only be created by root.  They must be
mentioned in the config file, which can only be edited by root.  You
are advised to make them mode 0700, owned by root.  Where's the hole
there?

-- 
John Goerzen   Linux, Unix consulting & programming   jgoerzen@complete.org |
Developer, Debian GNU/Linux (Free powerful OS upgrade)       www.debian.org |
----------------------------------------------------------------------------+
Visit the Air Capital Linux Users Group on the web at http://www.aclug.org
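
Added example, not part of the original message or of cfingerd: a small C model of the user-ID rules discussed above (the setresuid(2) permission check and the saved-ID copy on exec), which also tracks the real UID that exec leaves unchanged. The uid 65534 for nobody and all function names are assumptions; privilege is modelled as euid 0 only, ignoring Linux capabilities.

```c
#include <stdio.h>

/* Model of a process's three user IDs. All values are constructed. */
struct creds { long ruid, euid, suid; };

#define KEEP   (-1L)     /* same meaning as -1 in setresuid(2) */
#define NOBODY 65534L    /* assumed uid of "nobody" */

/* An unprivileged caller may only choose among its current three IDs. */
static int allowed(const struct creds *c, long id) {
    return id == KEEP || c->euid == 0 ||
           id == c->ruid || id == c->euid || id == c->suid;
}

/* setresuid(2) semantics: all-or-nothing, -1 on a disallowed change. */
int model_setresuid(struct creds *c, long r, long e, long s) {
    if (!allowed(c, r) || !allowed(c, e) || !allowed(c, s))
        return -1;                          /* would be EPERM */
    if (r != KEEP) c->ruid = r;
    if (e != KEEP) c->euid = e;
    if (s != KEEP) c->suid = s;
    return 0;
}

/* exec of a non-set-uid file: saved ID is overwritten by the effective ID;
 * real and effective IDs are left unchanged. */
void model_exec(struct creds *c) { c->suid = c->euid; }

/* Start as root, drop with (r,e,s), optionally exec, then try to get
 * euid 0 back. Returns 1 if root is regained, 0 if not. */
int can_regain_root(long r, long e, long s, int do_exec) {
    struct creds c = {0, 0, 0};
    if (model_setresuid(&c, r, e, s) != 0) return -1;
    if (do_exec) model_exec(&c);
    return model_setresuid(&c, KEEP, 0, KEEP) == 0;
}

int main(void) {
    printf("euid only,        no exec: %d\n", can_regain_root(KEEP, NOBODY, KEEP, 0));
    printf("euid only,        exec   : %d\n", can_regain_root(KEEP, NOBODY, KEEP, 1));
    printf("ruid+euid, suid=0 no exec: %d\n", can_regain_root(NOBODY, NOBODY, 0, 0));
    printf("ruid+euid, suid=0 exec   : %d\n", can_regain_root(NOBODY, NOBODY, 0, 1));
    printf("all three dropped        : %d\n", can_regain_root(NOBODY, NOBODY, NOBODY, 0));
    return 0;
}
```

In this model exec removes the way back to root only when the real UID was lowered as well; a drop that sets all three IDs is irreversible with or without exec.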

