Bug#581697: allows group-writable files owned by random groups
On Sat, May 15, 2010 at 11:58:50AM -0400, Joey Hess wrote:
> Colin Watson wrote:
> > Are you sure you aren't a member of group games?
>
> I am not a member of games. The games user, though, is, via /etc/passwd,
> not via /etc/group.
>
> joey@gnu:~>getent group games
> games:x:60:
> joey@gnu:~>getent passwd games
> games:x:5:60:games:/usr/games:/bin/sh
> joey@gnu:~>sudo -u games id
> uid=5(games) gid=60(games) groups=60(games)
>
> Shouldn't the passwd group membership also be checked?
Ah, fair point, I was only checking supplementary groups. I'll fix
that, thanks.
> > A zero-member group, or any random group containing only the user,
> > should clearly be fine in my book because the ownership of ~/.ssh/config
> > by that group doesn't permit any other user to write to the file.
>
> I think that zero-member groups are typically used by sgid binaries,
> so assuming no one else can access them is not entirely safe.
You've persuaded me. The next upload of openssh will only permit groups
with exactly one member.
--
Colin Watson [cjwatson@debian.org]
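The rule the thread settles on (a group-writable ~/.ssh/config is only acceptable when the owning group has exactly one member, and that member is the file owner, with membership counted from both /etc/group and the primary gid field in /etc/passwd) can be written down as a small check. The code below is an added illustration for this bug report, not OpenSSH's own code or the Debian patch; the passwd and group contents are constructed to mirror the games example above, and the rejection of world-writable files is assumed from ssh's usual "Bad owner or permissions" behaviour rather than taken from this thread.

```python
"""Decide whether a group-writable file's owning group is acceptable under
the policy discussed in Bug#581697: exactly one member, counting both
supplementary membership (/etc/group) and primary-group membership
(/etc/passwd), and that single member must be the file's owner."""
import stat

# Constructed sample data (not a real system): the games user has primary
# gid 60, but the 'games' line in /etc/group lists no members at all.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
games:x:5:60:games:/usr/games:/bin/sh
joey:x:1000:1000:Joey:/home/joey:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
"""
SAMPLE_GROUP = """\
root:x:0:
games:x:60:
joey:x:1000:
alice:x:1001:
staff:x:50:joey,alice
nobody:x:65534:
"""


def parse_passwd(text):
    """Return {uid: (name, primary_gid)} from passwd-format text."""
    users = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, uid, gid, *_rest = line.split(":")
        users[int(uid)] = (name, int(gid))
    return users


def parse_group(text):
    """Return {gid: set(member names)} from group-format text.
    This covers supplementary membership only, which is the incomplete
    check the thread starts from."""
    groups = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":")
        groups[int(gid)] = {m for m in members.split(",") if m}
    return groups


def group_members(gid, users, groups):
    """Every member of gid: names listed in /etc/group plus every user whose
    primary gid in /etc/passwd is gid. The second part is the fix Joey
    asked for; without it the games user is invisible."""
    members = set(groups.get(gid, set()))
    for name, primary_gid in users.values():
        if primary_gid == gid:
            members.add(name)
    return members


def group_writable_is_safe(mode, uid, gid, users, groups):
    """Return True if a file with these st_mode bits, owner uid and group
    gid passes the one-member-group policy. A zero-member group is
    rejected (it may be an sgid binary's group), as is any group with
    a second member."""
    if not mode & stat.S_IWGRP:
        return True  # not group-writable: the group question does not arise
    if mode & stat.S_IWOTH:
        return False  # assumed: world-writable is never acceptable
    members = group_members(gid, users, groups)
    owner_name = users.get(uid, (None, None))[0]
    return len(members) == 1 and owner_name in members


if __name__ == "__main__":
    users = parse_passwd(SAMPLE_PASSWD)
    groups = parse_group(SAMPLE_GROUP)
    # joey's config, mode 0664, owned by group games: rejected, because the
    # games group has one member (the games user) and it is not joey.
    print(group_writable_is_safe(0o664, 1000, 60, users, groups))
    # Same file owned by joey's own private group: accepted.
    print(group_writable_is_safe(0o664, 1000, 1000, users, groups))
```

To run this against a live system, replace the constructed strings with the contents of /etc/passwd and /etc/group and pass in the values from `os.stat()`; the policy logic itself does not change.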