Bug#222524: dpkg: start-stop-daemon should check uid & gid before calling setuid & initgroups
Package: dpkg
Version: 1.10.18
Severity: wishlist
Hi,
We have a box on which we want some users to be able to start & stop
icecast. For this, we gave them an sudo -u icecast permission, but this
is not sufficient, because /etc/init.d/icecast-server contains:
start-stop-daemon --start --quiet --chuid $USERID:$USERID \
--exec $DAEMON $OPTIONS
so that when executed by root, it setuid(icecast)s and
initgroups(icecast)s. But when launched by the icecast user, this is
not necessary, and actually poses problem, since initgroups *requires*
root privilege for instance, and of course the icecast user doesn't
have the right to modify /etc/init.d/icecast-server to remove --chuid
$USERID:$USERID
So that it would be nice to have
if (changeuser != NULL) {
if (setgid(runas_gid))
fatal("Unable to set gid to %d", runas_gid);
if (initgroups(changeuser, runas_gid))
fatal("Unable to set initgroups() with gid %d", runas_gid);
if (setuid(runas_uid))
fatal("Unable to set uid to %s", changeuser);
}
(start-stop-daemon.c:1247)
be replaced by some
if (changeuser != NULL && getuid() != runas_uid) {
if (setuid(runas_uid))
fatal("Unable to set uid to %s", changeuser);
}
if (changegroup != NULL && *changegroup != '\0' && getgid() != runas_gid) {
if (getgid() not in getgroups())
if (initgroups(changeuser, runas_gid))
fatal("Unable to set initgroups() with gid %d", runas_gid);
if (setgid(runas_gid))
fatal("Unable to set gid to %d", runas_gid);
}
so that normal users may call /etc/init.d scripts when they have the
corresponding sudo right for instance. (the *changegroup != '\0' is
necessary since setting --chuid would always at least set changegroup to
"")
-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux bouh 2.6.0-test11 #1 Thu Nov 27 12:47:57 CET 2003 i686
Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro
Versions of packages dpkg depends on:
ii dselect 1.10.18 a user tool to manage Debian packa
ii libc6 2.3.2.ds1-10 GNU C Library: Shared libraries an
-- no debconf information
Reply to: