Bug#337086: [BPP] Best practices for security design and review

To: Justin Pryzby <justinpryzby@users.sourceforge.net>
Cc: 337086@bugs.debian.org
Subject: Bug#337086: [BPP] Best practices for security design and review
From: Javier Fernández-Sanguino Peña <jfs@debian.org>
Date: Tue, 11 Apr 2006 13:30:23 +0200
Message-id: <[🔎] 20060411113023.GB11911@javifsp.no-ip.org>
Mail-followup-to: Justin Pryzby <justinpryzby@users.sourceforge.net>, 337086@bugs.debian.org
Reply-to: Javier Fernández-Sanguino Peña <jfs@debian.org>, 337086@bugs.debian.org
In-reply-to: <[🔎] 20060406015856.GA27388@andromeda>
References: <20051102155900.GA22247@javifsp.no-ip.org> <20051102160734.GA31795@mails.so.argh.org> <[🔎] 20060406002544.GA23735@javifsp.no-ip.org> <[🔎] 20060406015856.GA27388@andromeda>

On Wed, Apr 05, 2006 at 09:58:56PM -0400, Justin Pryzby wrote:
> For the record, I like the intent of this patch, but I think it is a
> little too long for inclusion in the Developers reference.  Perhaps a
> reference to the "Securing Debian" section where it will be included
> will be sufficient?

It's just that I this somehow out of context in the "Securing Debian" manual
as it's a document more oriented towards system adminstrators setting up
Debian boxes. But I do agree that if the maintainer believes this is a patch
that is too long

> Do you intend to have so many links to the Cross_site_scripting wiki
> page?

No. That was a mistake.

> The user adding bit is useful; I wonder if you would consider
> contributing a debhelper bit, dh_adduser?  See #81697 and #118787.

Ummm.. when we talked about dh_adduser in -devel there were few that liked
the idea. Please also see #291177 and the thread under
http://lists.debian.org/debian-policy/2005/01/msg00024.html

> +                  if [ "$FIRST_SYSTEM_UID" -le "$USERID" ] && \
> +                     [ "$USERID" -le "$LAST_SYSTEM_UID" ]; then
> +                       echo "The user $SERVER_USER already exists as a non sys
> tem user!" >&2
> +                       echo "Aborting package installation" >&2
> +                       exit 1
> +                  fi
> This is broken; you must use ||, and the comparisons are backwards.

Hmmmm, you are correct this says that if first_system_uid <= userid <=
last_system_uid then it's a non-system user, when it's the other way around.

> +               if ! groups $SERVER_USER | grep -q $ADDGROUP; then
> This needs to be grep -qw to avoid substring matches, and should
> really have |cut -d: -f2 also:

Noted.

> +Does not run if either the user or the group do not exist:
> +<example>
> +  if getent passwd | grep -q "^<var>server_user</var>:"; then
> +     echo "Server user does not exist. Aborting" >&2
> +     exit 1
> +  fi
> Backwards test.

What do you mean by this?

As for the other typos, I will fix them if either the maintainer wishes me to
submit a new patch for inclusion in the Developer's Reference or if I get
some spare time to add this to the Securing Debian Manual.

FWIW, I've reused some of the content here in my Debconf6 talk, available at
http://people.debian.org/~jfs/debconf6/#security

Regards

Javier

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Bug#337086: [BPP] Best practices for security design and review
  - From: Justin Pryzby <justinpryzby@users.sourceforge.net>

References:
- Bug#337086: [BPP] Best practices for security design and review
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>
- Bug#337086: [BPP] Best practices for security design and review
  - From: Justin Pryzby <justinpryzby@users.sourceforge.net>

Prev by Date: Bug#361744: developers-reference: word choice in section 6.5.2.2
Next by Date: Bug#337086: [BPP] Best practices for security design and review
Previous by thread: Bug#337086: [BPP] Best practices for security design and review
Next by thread: Bug#337086: [BPP] Best practices for security design and review
Index(es):
- Date
- Thread