Re: Bug#58640: wrapper does not handle fakeroot well

To: Fabrizio Polacco <fpolacco@debian.org>, 58640@bugs.debian.org
Cc: debian-devel@lists.debian.org
Subject: Re: Bug#58640: wrapper does not handle fakeroot well
From: Colin Phipps <crp22@cam.ac.uk>
Date: Tue, 22 Feb 2000 19:34:31 +0000
Message-id: <20000222193431.A624@crp22.trin.cam.ac.uk>
In-reply-to: <20000222093122.D2402@none>; from fpolacco@debian.org on Tue, Feb 22, 2000 at 09:31:22AM +0200
References: <20000221145227.A679@globix.net> <20000222093122.D2402@none>

On Tue, Feb 22, 2000 at 09:31:22AM +0200, Fabrizio Polacco wrote:
> On Mon, Feb 21, 2000 at 02:52:27PM -0500, Clint Adams wrote:
> > Package: man-db
> > Version: 2.3.10-71
> > Severity: important
> > 
> > % fakeroot sh
> > sh-2.03# man man
> > Password: 
> > 
> 
> Jeah, it's because of the test 
> 
> 	[ `id -u` = 0 ] 
> 
> Joost, is there a simple way to test if a "root" is a "fakeroot"
> instead?

Don't even think about testing for fakeroot. 

> >From a shell script or even from a C prog (I'm convincing myself that I
> need to rewrite the wrapper in C and make it suid nobody ... or forget
> this wrapper stuff at all :-).

Nothing is owned by nobody, and certainly nothing should be suid nobody :-).
Actually, I think the whole idea of the man wrapper su'ing to nobody is 
flawed, because the temporary files created while decompressing manpages 
could be owned by nobody.

What's wanted is a wrapper like this:

#include <sys/types.h>
#include <stdlib.h>
#include <unistd.h>
#include <pwd.h>
#include <grp.h>
#include <stdio.h>

int main(int argc, char**argv)
{
  if (!getuid()) {
    /* Don't risk executing setuid program man as root */
    struct passwd *pwd;
    const char    *manuser = "man";

    pwd = getpwnam(manuser);
    if (!pwd ||
	setgid(pwd->pw_gid) ||
	initgroups(manuser, pwd->pw_gid) ||
	setuid(pwd->pw_uid)) {
      perror("failed su to man");
      return -2;
    }
    chdir(pwd->pw_dir);
  }
  /* Chain to man */
  execv("/usr/lib/man-db/man",argv);
  perror("execv");
  return -1;
}

which just completely su's to man when root runs man.
(or create a new account to run root manpage accesses under, and modify
accordingly)

This is not necessarily only applicable to man.. are there any other setuid
programs (to uid's other than root) which this would apply to?

Still doesn't work with fakeroot though... I haven't looked into that yet. 

Perhaps you'd like to enlighten me - why is mandb setuid man anyway? If man 
calls mandb when the db needs updating, then it can pass the setuid man 
priviledges to it. I can't think offhand why ordinary users would need to use 
mandb directly, maybe I'm overlooking something though.

-rwx--x--x    1 cph      cph          3612 Feb 22 19:27 man
-rw-------    1 cph      cph           600 Feb 22 19:05 man.c

Colin

Reply to:

Follow-Ups:
- Re: Bug#58640: wrapper does not handle fakeroot well
  - From: Ethan Benson <erbenson@alaska.net>

References:
- Re: Bug#58640: wrapper does not handle fakeroot well
  - From: Fabrizio Polacco <fpolacco@debian.org>

Prev by Date: Debian netbase 3.17-1 init.d scripts
Next by Date: Re: wterm in potato
Previous by thread: Re: Bug#58640: wrapper does not handle fakeroot well
Next by thread: Re: Bug#58640: wrapper does not handle fakeroot well
Index(es):
- Date
- Thread