Hello Mike,

Yes, that'd be debian-security@lists.debian.org, CCed with this email.

Ritesh

On 11/16/2011 11:15 AM, Mike Christie wrote:
> Hey Ritesh,
>
> Does Debian have some sort of security list? I asked some Red Hat people
> and they thought removing the check for "root" and just checking for
> UID=0 would be ok. They were not 100% sure though since we could not
> figure out why the original maintainers check explicitly for root. So I
> have been checking with distro people to make sure it is ok with their
> security people.
>
> Thanks
>
> Mike
>
>
> -------- Original Message --------
> Subject: Problem with multiple root-users (UID=0)
> Date: Mon, 7 Nov 2011 11:37:29 -0800 (PST)
> From: Thomas Weichert <thomas@weichert-web.de>
> Reply-To: open-iscsi@googlegroups.com
> To: open-iscsi <open-iscsi@googlegroups.com>
>
> Hi,
>
> in the last few days I encountered a problem on my SLES 11.1 Linux
> with the open-iscsi package in version 2.0-871 respectively 0.872. I
> investigated the problem and found out that in my system there are two
> root users with uid = 0 (sadly, this is required). Therefore I dug
> deeper and found out that the problem most probably lies in the two
> code snippets where "root" is defined explicitly. Those are
> usr/mgmt_ipc.c around line 549 with:
>
>     if (!mgmt_peeruser(fd, user) || strncmp(user, "root", PEERUSER_MAX)) {
>         err = MGMT_IPC_ERR_ACCESS;
>         goto err;
>     }
>
> as well as usr/statics.c around line 7:
>
>     static struct passwd root_pw = {
>         .pw_name = "root",
>     }
>
> When the Linux command `whoami` returns something different than
> "root", open-iscsi will not work.
>
> As far as I understand the issue, the function call to mgmt_peeruser()
> in mgmt_ipc.c sets the variable user to the currently logged in user
> name and then it is compared to "root". If my root-user is named
> differently, the strncmp function fails of course. I did not
> investigate the code in statics.c further, whether it plays a role or
> not, since a change to mgmt_ipc.c solves my problem.
>
> Is there a chance to fix this issue just by checking if the user has
> sufficient rights, e.g. has uid=0, or is there any special reason for
> demanding a user named root?
>
> Thanks a lot
> Thomas
>

-- 
Ritesh Raj Sarraf | http://people.debian.org/~rrs
Debian - The Universal Operating System