
Re: Bug#58640: wrapper does not handle fakeroot well

On Wed, Feb 23, 2000 at 08:08:37AM +1100, Hamish Moffatt wrote:
> On Mon, Feb 21, 2000 at 11:09:22PM -0900, Ethan Benson wrote:
> > suid nobody will bring back the original reason for the wrapper in the
> > first place, the concern was if uid man was compromised it can replace
> > the man binaries since it owns them, if it were suid nobody if nobody
> > were compromised it could replace the man binary with a trojan.
> Can't you just make the man binary read-only then? The wrapper seems like a
> very roundabout way to fix the problem.

[eb@socrates tmp]$ ls -l setuidprog
-r-sr-xr-x    1 eb       eb              5 Feb 23 00:43 setuidprog
[eb@socrates tmp]$ echo "we just fubared setuidprog" > setuidprog
bash: setuidprog: Permission denied
[eb@socrates tmp]$ chmod u+w setuidprog
[eb@socrates tmp]$ echo "we just fubared setuidprog" > setuidprog
[eb@socrates tmp]$ cat setuidprog
we just fubared setuidprog
[eb@socrates tmp]$

as you can see if we get uid man then we just chmod the man
binary writable just fine and write to it. the only way to protect man
from man is to chattr +i but i suspect that would be rather difficult
to deal with in the packaging system... (would a chattr in the
postinst and prerm work?)

this is where /usr on its own partition mounted readonly is really the
most helpful thing... if you get uid man it's useless since you need
uid root to remount /usr writable.  but then again you could always cp
/bin/sh to somewhere and chmod u+s it and wait till root remounts /usr
for maintenance and get uid man back by running the shell..  (good
reason for keeping all user writable filesystems mounted nosuid.)

Ethan Benson
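
An audit sketch for the two points in the message above, added here as an example and not part of the original post or of the man-db packaging: it lists setuid/setgid files owned by a non-root account (which that account can always chmod and overwrite) and writable mounts that lack nosuid. The function names, the trusted_uids parameter and the sample mount table are assumptions made for this example; a flagged mount still needs a manual check of whether non-root users can write to it.

```python
import os
import stat

# Constructed sample in /proc/mounts format:
# device, mount point, type, options, dump, pass
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /usr ext4 ro,relatime 0 0
/dev/sda3 /home ext4 rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nodev 0 0
"""

def writable_suid_mounts(mounts_text):
    """Return mount points that are writable and still honour setuid bits."""
    risky = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # not a mount table entry
        opts = set(fields[3].split(","))
        if "rw" in opts and "nosuid" not in opts:
            risky.append(fields[1])
    return risky

def owner_replaceable_setid(root, trusted_uids=frozenset({0})):
    """Return (path, uid, mode) for setuid/setgid files owned by an untrusted uid.

    The write bits are deliberately not consulted: the owner can always
    chmod u+w, so a read-only mode does not protect the file from its owner.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue
            setid = st.st_mode & (stat.S_ISUID | stat.S_ISGID)
            if setid and st.st_uid not in trusted_uids:
                findings.append((path, st.st_uid, stat.filemode(st.st_mode)))
    return findings

if __name__ == "__main__":
    print("writable mounts without nosuid:", writable_suid_mounts(SAMPLE_MOUNTS))
    for path, uid, mode in owner_replaceable_setid("/usr/bin"):
        print(f"{mode} uid={uid} {path}")
```

On a live system, pass the contents of /proc/mounts to writable_suid_mounts in place of the sample text.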
