[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#770784: marked as done (ninja: Non-magic-group users treated as being in magic group)

Your message dated Tue, 20 Dec 2016 06:06:00 +0000
with message-id <[🔎] E1cJDYm-0004zz-Cx@fasolo.debian.org>
and subject line Bug#848359: Removed package(s) from unstable
has caused the Debian Bug report #770784,
regarding ninja: Non-magic-group users treated as being in magic group
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
770784: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770784
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: ninja
Version: 0.1.3-2
Severity: important

Dear Maintainer,

I ran ninja from a root shell while logged into a standard user account,
initially with the attached ninja.conf and whitelist files using the
command "ninja /etc/ninja/ninja.conf".

"su" and "sudo" entries were removed from the whitelist file, and only
GID 0 was specified as the "magic group".

The (one and only) standard user account on this installation has a GID
of 1000.

I tested ninja by running "su" and "sudo synaptic -h" from a standard
user shell, and both times they were allowed to run. Here are samples
of entries from the nina log file:

NEW ROOT PROCESS: su[1763] ppid=1758 uid=0 gid=1000
  - ppid uid=1000(user) gid=1000 ppid=1699
  + user is in magic group, all OK!
NEW ROOT PROCESS: sudo[1891] ppid=1850 uid=0 gid=1000
  - ppid uid=1000(user) gid=1000 ppid=1699
  + user is in magic group, all OK!

I tried the above again after re-running ninja without a ninja.conf
specified and experienced the same results.

I had expected both su and sudo to be blocked by ninja since neither
were in the whitelist file and the user account was not in the magic
group.

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.14-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages ninja depends on:
ii  libc6      2.19-7
ii  logrotate  3.8.7-1

ninja recommends no packages.

ninja suggests no packages.

-- Configuration Files:
/etc/ninja/ninja.conf changed:
group = 0
daemon = yes
interval = 0
logfile = /root/ninja.log
whitelist = /etc/ninja/whitelist
external_command = '!!! PRIVILEGE ESCALATION DETECTED !!!'
no_kill = no
no_kill_ppid = no
ignore_root_procs = yes
log_whitelist = no
require_init_wlist = no
proc_scan_offset = 0

/etc/ninja/whitelist changed:
/bin/fusermount:users:
/usr/bin/passwd:users:
/usr/bin/pulseaudio:users:
/usr/sbin/hald:haldaemon:
/usr/lib/hal/hald-runner:haldaemon:


-- no debconf information

--- End Message ---
--- Begin Message --- 
Version: 0.1.3-3+rm

Dear submitter,

as the package ninja has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/848359

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)

--- End Message ---
Reply to: