
Re: Fwd: Problem with multiple root-users (UID=0)



Hello Mike,

Yes, that'd be debian-security@lists.debian.org, CCed with this email.


Ritesh

On 11/16/2011 11:15 AM, Mike Christie wrote:
> Hey Ritesh,
> 
> Does Debian have some sort of security list? I asked some Red Hat people
> and they thought removing the check for "root" and just checking for
> UID=0 would be ok. They were not 100% sure though since we could not
> figure out why the original maintainers check explicitly for root. So I
> have been checking with distro people to make sure it is ok with their
> security people.
> 
> Thanks
> 
> Mike
> 
> 
> 
> 
> -------- Original Message --------
> Subject: Problem with multiple root-users (UID=0)
> Date: Mon, 7 Nov 2011 11:37:29 -0800 (PST)
> From: Thomas Weichert <thomas@weichert-web.de>
> Reply-To: open-iscsi@googlegroups.com
> To: open-iscsi <open-iscsi@googlegroups.com>
> 
> Hi,
> 
> in the last few days I encountered a problem on my SLES 11.1 Linux
> with the open-iscsi package in version 2.0-871 respectively 0.872. I
> investigated the problem and found out that in my system there are two
> root users with uid = 0 (sadly, this is required). Therefore I dug
> deeper and found out that the problem most probably lies in the two
> code snippets where "root" is defined explicitly. Those are
> usr/mgmt_ipc.c around line 549 with:
> 
> if (!mgmt_peeruser(fd, user) || strncmp(user, "root", PEERUSER_MAX)) {
> 	err = MGMT_IPC_ERR_ACCESS;
> 	goto err;
> }
> 
> as well as usr/statics.c around line 7:
> 
> static struct passwd root_pw = {
>         .pw_name = "root",
> };
> 
> When the Linux command `whoami` returns something different than
> "root", open-iscsi will not work.
> 
> As far as I understand the issue, the function call to mgmt_peeruser()
> in mgmt_ipc.c sets the variable user to the currently logged in user
> name and then it is compared to "root". If my root-user is named
> differently, the strncmp function fails of course. I did not
> investigate the code in statics.c further, whether it plays a role or
> not, since a change to mgmt_ipc.c solves my problem.
> 
> Is there a chance to fix this issue just by checking if the user has
> sufficient rights, e.g. has uid=0, or is there any special reason for
> demanding a user named root?
> 
> Thanks a lot
> Thomas
> 


-- 
Ritesh Raj Sarraf | http://people.debian.org/~rrs
Debian - The Universal Operating System
