Bug#299007: base-files: Insecure PATH

To: 299007@bugs.debian.org, jbj@image.dk
Subject: Bug#299007: base-files: Insecure PATH
From: psz@maths.usyd.edu.au
Date: Mon, 28 Mar 2005 17:19:30 +1000
Message-id: <[🔎] 200503280719.j2S7JUIG012182@pisa.maths.usyd.edu.au>
Reply-to: psz@maths.usyd.edu.au, 299007@bugs.debian.org
In-reply-to: <[🔎] 20050327122437.GA12553@jbj2.jbj.homelinux.com>

Jakob Bohm <jbj@image.dk> wrote:

>> Is this feature seldom used, so we do not care much about it; or is
>> it often used, and so possibly worth retaining?
> 
> I certainly use it.  I also create multiple ... 'almost root' accounts ...

You are smart enough to set up features similar to group staff, and do
not need group staff to be available *by default*.

> The real, fundamental, security issue is that most
> implementations of the NFS protocol ...

Group staff and NFS should not co-exist. Which one should Debian policy
warn against? Debian policy does not force you to use NFS, it must not
force you to have group staff either.

> These broken-by-design NFS implementations ... trojanize all user
> writable files ... all systems should be given the 'root compromise'
> cleanup.

Not quite as bad as that: root-squash should protect you somewhat.

>> Is it documented anywhere that you should only give group staff
>> privileges to those that also have the root password?
> 
> I think it is probably documented somewhere (and certainly basic
> os-independent sysadmin knowledge) ...

Specific reference, please. Is it documented by Debian, in the policy
that forces group staff upon you?

>> At no time was I arguing for banning whatever ownership of /usr/local
>> by policy; I only wanted to also allow it being owned by root. ...
>> ...  However, you must also grant me the right to run my machine
>> securely, and should not try to prevent me from doing so by policy.
> 
> NOT agreed. ...

Do you really mean that? Which one do you mean: should policy
specifically disallow root ownership of /usr/local, or should it prevent
me from running my machine in a way that I (foolishly) think is safe?

> The problem is that most NFS-servers and most versions of the
> NFS protocol do not perform sufficient validation ...

NFS may be ugly and insecure. Should we banish it from Debian?

Cheers,

Paul Szabo   psz@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

Reply to:

Follow-Ups:
- Bug#299007: base-files: Insecure PATH
  - From: Jakob Bohm <jbj@image.dk>

References:
- Bug#299007: base-files: Insecure PATH
  - From: Jakob Bohm <jbj@image.dk>

Prev by Date: Re: in the light
Next by Date: Bug#299007: base-files: Insecure PATH
Previous by thread: Bug#299007: base-files: Insecure PATH
Next by thread: Bug#299007: base-files: Insecure PATH
Index(es):
- Date
- Thread