[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: If you care about debian's security read this

On Sun, 2002-03-03 at 19:42, Gustavo Noronha Silva wrote:
> On Sun, 3 Mar 2002 21:16:13 +0100
> Josip Rodin <joy@cibalia.gkvk.hr> wrote:
> > Ah, I read a bit better now and noticed:
> > 
> >  kov     ALL = (root)
> > 
> > So it's not that serious indeed.
> ok, I think you guys don't know enough about sudo to understand
> the problem and Branden is blindly trusting his coleagues without
> taking the time to look at the problem

So you are the expert?  We should just take your word for it, because
you're right and we're wrong?  Never mind that we explain the reason why
it's not a security problem; we're just in error, because Gustavo Knows

> this is my sudoers line:
> kov     ALL = (root) NOPASSWD: /usr/sbin/chroot, /usr/sbin/pbuilder,
> PASSWD: /usr/bin/apt-get
> it means that 'kov' from ALL hosts = allowed to run as root without
> being asked for a password commands chroot, pbuilder and is allowed
> to run as root after being asked *kov's* password the program apt-get

And who, pray tell, added that line to /etc/sudoers?

> so, notice that sudo never asks the root password and with that sudoers
> line my user cannot run /bin/sh

And who, pray tell, granted that user such liberal provisions?

> now, for gnome-sudo to run your user needs to be able to run
> /usr/lib/gnome-sudo/gnome-sudo-helper with the "target user"
> (root, in this case)

And who, pray tell, grants the user the right to run gnome-sudo-helper?

> but gnome-sudo-helper is a script that calls any command you ask it
> to... so having it on /etc/sudoers is the same as making /bin/sh
> setuid... or replacing the user's uid with '0'... as Joey Hess said
> it is easier to run gnome as root if you are to use gnome-sudo

And who, pray tell, grants the user the right to run GNOME as root in
this situation, assuming that GNOME is run via sudo?

> I guess that when an admin installs a package it wants it to work,
> if it comes from Debian the admin may blindly trust the package and
> open that root whole

So the fact that a user may "blindly trust" the emacs21 package and add
it to sudoers means that we should file a critical bug against it, too?

> Notice that Jeff agreed that this bug was grave (he is the original
> submitter after we talked about this on debian-devel) and now, because
> his package depends on gnome-sudo and it was not fixed in time he wants
> to force its acceptance in woody

Now there's a bit of revisionist history!

I filed the bug because I thought it might be something important.  Eric
showed me (and you) our common error.  I no longer consider it to be a
serious security hole.  Apparently, I'm not alone in that assessment.

I could make some allusions about your motivation for refusing to have
any respect for the package or its maintainer.  I'd have more evidence,
too, since you also committed bug terrorism by attempting to merge
non-related bugs in and elevate their priority without any justification

But, as they say, "never ascribe to malice what may be easily explained
by incompetence".

> I strongly recommend that you use xsu instead... it is not a root hole...

Are you sure?  It was a huge root hole in the past, I'm told.

I'm considering adding xsu support to the configlets.  However, xsu has
the singular drawback that it asks for your password over and over again
when used with the configlets.  Something like gnome-sudo works much
better for the average user.

This is why I expend the effort to defend gnome-sudo.  That, and I'm
really aggravated at the total lack of clue and lack of respect you seem
to have for your fellow developers.

Reply to: