
Re: usrmerge breaks POSIX



Russ Allbery <rra@debian.org> writes:
> Thorsten Glaser <tg@mirbsd.de> writes:

>> Right… and why does pkexec check against /etc/shells?

> pkexec checks against /etc/shells because this is the traditional way to
> determine whether the user is in a restricted shell, and pkexec is
> essentially a type of sudo and should be unavailable to anyone who is
> using a restricted shell.

Apologies, this turns out to be incorrect.  I assumed this based on my
prior experience with other programs that tested /etc/shells without doing
my research properly.  I should have been less certain here.

After some research with git blame, it appears that pkexec checks SHELL
against /etc/shells because pkexec passes SHELL to the program that it
executes (possibly in a different security context) and was worried about
users being able to manipulate and potentially compromise programs across
that security boundary by setting SHELL to some attacker-controlled value.
It is using /etc/shells as a list of possible valid values for that
variable that are safe to pass on.

-- 
Russ Allbery (rra@debian.org)              <https://www.eyrie.org/~eagle/>
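
The check described in the message above, as an added example that is not part of the original message and is not pkexec's own code: a caller-supplied SHELL value is accepted only if it exactly matches an entry in an allow-list file in /etc/shells format. The names shell_is_listed, write_sample_list and shells.sample are hypothetical, the list is a constructed sample so the program runs offline, and rejecting on any error is this example's assumption.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return 1 only if `shell` exactly equals an entry in the file at list_path
 * (/etc/shells format: one path per line, '#' comment lines); else 0. */
int shell_is_listed(const char *shell, const char *list_path)
{
    char line[4096];
    int c, found = 0;
    FILE *f;
    if (shell == NULL || shell[0] != '/')
        return 0;                          /* unset or relative: reject */
    if ((f = fopen(list_path, "r")) == NULL)
        return 0;                          /* unreadable list: fail closed */
    while (!found && fgets(line, sizeof line, f) != NULL) {
        size_t n = strcspn(line, "\n");
        if (line[n] != '\n' && !feof(f)) { /* overlong line: discard it whole */
            while ((c = fgetc(f)) != EOF && c != '\n')
                ;
            continue;
        }
        line[n] = '\0';
        if (line[0] != '#' && line[0] != '\0')
            found = (strcmp(line, shell) == 0); /* exact match, no prefixes */
    }
    fclose(f);
    return found;
}

/* Write a constructed sample list so the example runs without /etc/shells. */
int write_sample_list(const char *path)
{
    FILE *f = fopen(path, "w");
    if (f == NULL)
        return -1;
    fputs("# constructed sample, not a real /etc/shells\n/bin/sh\n/bin/bash\n", f);
    return fclose(f);
}

int main(void)
{
    const char *shell = getenv("SHELL");   /* caller-controlled input */
    if (write_sample_list("shells.sample") != 0)
        return 2;
    printf("SHELL=%s -> %s\n", shell ? shell : "(unset)",
           shell_is_listed(shell, "shells.sample") ? "pass on" : "reject");
    return 0;
}
```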

