Bug#337086: [BPP] Best practices for security design and review

To: Javier Fern??ndez-Sanguino Pe??a <jfs@computer.org>, 337086@bugs.debian.org
Subject: Bug#337086: [BPP] Best practices for security design and review
From: Justin Pryzby <justinpryzby@users.sourceforge.net>
Date: Wed, 5 Apr 2006 21:58:56 -0400
Message-id: <[🔎] 20060406015856.GA27388@andromeda>
Reply-to: Justin Pryzby <justinpryzby@users.sourceforge.net>, 337086@bugs.debian.org
In-reply-to: <[🔎] 20060406002544.GA23735@javifsp.no-ip.org>
References: <20051102155900.GA22247@javifsp.no-ip.org> <20051102160734.GA31795@mails.so.argh.org> <[🔎] 20060406002544.GA23735@javifsp.no-ip.org>

On Thu, Apr 06, 2006 at 02:25:44AM +0200, Javier wrote:
> On Wed, Nov 02, 2005 at 05:07:34PM +0100, Andreas Barth wrote:
> > Hi,
> > 
> > * Javier Fern?ndez-Sanguino Pe?a (jfs@computer.org) [051102 17:04]:
> > > Attached is a patch that provides a list of best practices for security
> > > review and designed. If there is no intention to add this to the Developer
> (...)
> > 
> > I'll add some more in-depth remarks later on.
> 
> Hi Andi, 
> 
> Do you believe it will be possible to get this patch introduced in the
> Developer's reference? Are there any improvements you would like me to do?
Hi,

For the record, I like the intent of this patch, but I think it is a
little too long for inclusion in the Developers reference.  Perhaps a
reference to the "Securing Debian" section where it will be included
will be sufficient?

Do you intend to have so many links to the Cross_site_scripting wiki
page?

| makes limited damaged to the...
This is a run-on sentence and needs to be rewritten.  This part of it
is better expressed as "limits damage to the system".

|Fore more information
   ^^^
For

The user adding bit is useful; I wonder if you would consider
contributing a debhelper bit, dh_adduser?  See #81697 and #118787.

+                  if [ "$FIRST_SYSTEM_UID" -le "$USERID" ] && \
+                     [ "$USERID" -le "$LAST_SYSTEM_UID" ]; then
+                       echo "The user $SERVER_USER already exists as a non sys
tem user!" >&2
+                       echo "Aborting package installation" >&2
+                       exit 1
+                  fi
This is broken; you must use ||, and the comparisons are backwards.

+               if ! groups $SERVER_USER | grep -q $ADDGROUP; then
This needs to be grep -qw to avoid substring matches, and should
really have |cut -d: -f2 also:
                if ! groups $SERVER_USER |cut -d: -f2 |grep -q $ADDGROUP; then

+Does not run if either the user or the group do not exist:
+<example>
+  if getent passwd | grep -q "^<var>server_user</var>:"; then
+     echo "Server user does not exist. Aborting" >&2
+     exit 1
+  fi
Backwards test.

|If the The system user
s/The //

+ recreated by the init.d script since the state
+ directory.
The last half of this sentence (and the left out stuff) is redundant.

|they should not be either owned
s/not be either/be neither/

Reply to:

Follow-Ups:
- Bug#337086: [BPP] Best practices for security design and review
  - From: Javier Fernández-Sanguino Peña <jfs@debian.org>

References:
- Bug#337086: [BPP] Best practices for security design and review
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>

Prev by Date: Bug#337086: [BPP] Best practices for security design and review
Next by Date: list of head hunter indonesia
Previous by thread: Bug#337086: [BPP] Best practices for security design and review
Next by thread: Bug#337086: [BPP] Best practices for security design and review
Index(es):
- Date
- Thread