
kdesud and nogroup group setgid ownership



Hi folks,

This might not be a security problem, but I just wanted to run it
past you to be sure.  Sorry if this is wasting your time (CCing the
maintainers as well).

This looked odd to me:
% ls -l /usr/lib/kde4/libexec/kdesud 
-rwxr-sr-x 1 root nogroup 63488 May  2 01:04 /usr/lib/kde4/libexec/kdesud

This setgid binary is owned by :nogroup, so unless I'm mistaken this
should be safe: it's not possible for any process with gid=nogroup to
tamper with the binary.  This just seems a little odd from a
security POV, since kdesud is only dropping to an unprivileged group;
it's not dropping to an unprivileged UID such as nobody, and it's not
dropping the supplementary groups (which includes the old EGID in any
case).  i.e. the actual effect of the switch of effective group is
almost nil, which made me wonder if this is what was intended here.
(Since the switch appears pointless, was something more secure
supposed to happen instead?)

But, more generally, should we have files owned by :nogroup on the system?


So there are really two main queries:
1) Is the setgid-nogroup actually serving any useful purpose or
   should it be doing a better job of dropping privs?
2) Should nobody/nogroup owner/group be permitted on the
   filesystem?


Thanks,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.
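
The two queries in the message can be checked on a live system with a filesystem audit. This is an added example, not part of the original message or of kdesud: it flags entries owned by nobody or group nogroup, and separately marks setuid/setgid executables and group-writable entries (the case where a process with gid=nogroup could tamper with a file). The function names, finding labels and the Debian account names looked up in `__main__` are assumptions.

```python
import grp
import os
import pwd
import stat
import sys


def classify(mode, uid, gid, nobody_uid, nogroup_gid):
    """Return findings for one file from its st_mode, st_uid and st_gid."""
    findings = []
    is_file = stat.S_ISREG(mode)
    if uid == nobody_uid:
        findings.append("owned-by-nobody")
        if is_file and mode & stat.S_ISUID:
            findings.append("setuid-to-nobody")
    if gid == nogroup_gid:
        findings.append("group-is-nogroup")
        if is_file and mode & stat.S_ISGID and mode & stat.S_IXGRP:
            findings.append("setgid-to-nogroup")
        if mode & stat.S_IWGRP:
            # Any process running with gid=nogroup could modify this entry.
            findings.append("writable-by-nogroup")
    return findings


def scan(root, nobody_uid, nogroup_gid):
    """Walk root without following symlinks; return [(path, findings)]."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished or is unreadable
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            found = classify(st.st_mode, st.st_uid, st.st_gid, nobody_uid, nogroup_gid)
            if found:
                hits.append((path, found))
    return hits


if __name__ == "__main__":
    # Debian names assumed; adjust if the system uses other accounts.
    uid = pwd.getpwnam("nobody").pw_uid
    gid = grp.getgrnam("nogroup").gr_gid
    for path, found in scan(sys.argv[1] if len(sys.argv) > 1 else "/usr", uid, gid):
        print(path, ",".join(found))
```

A file with the mode and ownership shown in the `ls -l` output above is reported as `group-is-nogroup,setgid-to-nogroup` but not `writable-by-nogroup`, which matches the reasoning in the message that the binary itself cannot be modified by gid=nogroup.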
