Re: possible bugs in xfs-related packages
On Tue, 23 Nov 1999, Ethan Benson wrote:
> On 23/11/99 Henrique M Holschuh wrote:
> 
> >Maybe the xfs packages will need to be started already suid to a xfs user
> >after all... :-(
> 
> I assume you mean its running into permission problems with 
> /var/run/xfs.pid?  (i can't think of anything else it needs 
> privileges for that it does not have as nobody)
I don't really know. xfs-xtt shouldn't need to touch that file when it
receives a SIGUSR1, so why would it die? Now, I don't know about the socket
stuff in /tmp, but something else might be amiss here. That's why I filled
this as a separate bug.
I do know my old xfs-xtt (Xfree86's xfs v.3.3.1 + X-TT patch 1.3) accepted
these signals happly, and it was run in a non priviledged uid.
> this would be solved by the subdirectory in /var/run that xfs can 
> write to its pid.
But the sockets would still be uid nobody, and thus to crash someone's
xserver you only need to break nobody and trash them. This is most certainly
Not a Good Thing.
> and further to this, xfs should not be run as nobody, I do not think 
> anything that writes to files anywhere should be running as nobody 
> but rather its own user (please see recent archives on this)
I agree. The xfs man page actually warns against using -user...
> xfs user defined in debian for this use. (Wichert I think your 
> maintainer of base-passwd, comments?)
That would fix things, and overall improve security, I think. Especially
since attacking xfs results easily in XFree86 crashes, so we're talking
about really easy-to-do DoS here once something running as nobody is
subverted. Heck, you just need to kill -HUP <xfs-xtt pid> as nobody to
manage it right now... 
This is broken Xserver behaviour, of course, and I already filled a bug
against xserver-common, #51086.
This means we either run xfs as root (BAD) or as its own user until Xfree86
learns to cope better with font servers, or we risk a xserver segfault :^(
It's up to the base-passwd, xfs, xfstt and xfs-xtt maintainers now, I think.
> also I think that there should be no files anywhere owned by nobody 
> and currently that is required because the xfs's run as nobody.
Hmm...
# find -user nobody
./var/tmp/.font-unix
./var/tmp/.font-unix/fs7100
and of course the proc entries for processes running as nobody.
So, the only package being nasty in my system by having files owned by
nobody is xfs-xtt.
-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh 
Reply to: