[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

kdesud and nogroup group setgid ownership

Hi folks,

This might not be a security problem, but I just wanted to run it
past you to be sure.  Sorry if this is wasting your time (CCing the
maintainers as well).

This looked odd to me:
% ls -l /usr/lib/kde4/libexec/kdesud 
-rwxr-sr-x 1 root nogroup 63488 May  2 01:04 /usr/lib/kde4/libexec/kdesud

This setgid binary is owned by :nogroup, so unless I'm mistaken this
should be safe: it's not possible for any process with gid=nogroup to
to tamper with the binary.  This just seems a little odd from a
security POV, since kdesud is only dropping to an unprivileged group;
it's not dropping to an unprivileged UID such as nobody, and it's not
dropping the supplementary groups (which includes the old EGID in any
case).  i.e. the actual effect of the switch of effective group is
almost nil, which made me wonder if this is what was intended here.
(Since the switch appears pointless, was something more secure
supposed to happen instead?)

But, more generally, should we have files owned by :nogroup on the system?

So there's really two main queries:
1) Is the setgid-nogroup actually serving any useful purpose or
   should it be doing a better job of dropping privs?
2) Should nobody/nogroup owner/group be permitted on the


  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.

Attachment: signature.asc
Description: Digital signature

Reply to: