Gentoo Archives: gentoo-user

From: Joerg Schilling <Joerg.Schilling@××××××××××××××××.de>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Cdrtools installation without suid root
Date: Fri, 26 Apr 2013 20:20:52
Message-Id: 517ae18f.z3b+TGR72VsEaT+A%Joerg.Schilling@fokus.fraunhofer.de
In Reply to: Re: [gentoo-user] Cdrtools installation without suid root by Daniel Pielmeier
Daniel Pielmeier <billie@g.o> wrote:

> > I am concerned about a different scenario:
> >
> > Imagine, you compile cdrtools without libcap and later install the support for
> > the OS. Now you decide to use "setcap" to make cdrecord work. Cdrecord will
> > really work this way, but you opened a security hole as this cdrecord now is
> > not privileges aware and thus cannot even detect that it is running with more
> > than basic privileges. Such a cdrecord installation will happily write any
> > local file for any local user to CD.
> >
> > Jörg
> >
>
> If you add an option to make conditional linkage against libcap possible
> there are only two possible scenarios. cdrtools links against libcap and
> the capabilities are set or it doesn't link against libcap and cdrtools
> are installed suid root without capabilities.
>
> Everything is done in the ebuild and the user does not need to mess with
> setcap. It is controlled by the package manager and the linkage and
> capability setting are tied together at installation time.
>
> Just adding an option similar to the one for the ACLs would make my life
> a lot easier. Just enable it by default and make it possible to switch
> it off.

I am not sure whether there is a misunderstanding.

You could have an installation without libcap and without setcap/getcap where
cdrecord still has active file capabilities. Nobody could check why, but
cdrecord would be able to write any local file to CD on such a system.

The only problem I see is that you are able to remove important software on a
Linux installation while the kernel still supports the feature by default.

Jörg

--
EMail:joerg@××××××××××××××××××××××××.de (home) Jörg Schilling D-13353 Berlin
js@××××××××××××.de (uni)
joerg.schilling@××××××××××××××××.de (work) Blog: http://schily.blogspot.com/
URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
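
For the scenario in the message above, a binary carrying file capabilities on a system without getcap, the capability sets can be read from the `security.capability` extended attribute, which is where the Linux kernel stores them. This is an added example, not code from the thread or from cdrtools; the function names are hypothetical and `SAMPLE` is a constructed value.

```python
import os
import struct
import sys

# Capability names by bit number, as defined in linux/capability.h.
CAP_NAMES = ("chown dac_override dac_read_search fowner fsetid kill setgid "
             "setuid setpcap linux_immutable net_bind_service net_broadcast "
             "net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio "
             "sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice "
             "sys_resource sys_time sys_tty_config mknod lease audit_write "
             "audit_control setfcap mac_override mac_admin syslog wake_alarm "
             "block_suspend audit_read perfmon bpf checkpoint_restore").split()
# struct vfs_cap_data: revision -> (permitted/inheritable pairs, total bytes)
REVISIONS = {0x01000000: (1, 12), 0x02000000: (2, 20), 0x03000000: (2, 24)}
# Constructed sample value (not taken from a real cdrecord installation):
# revision 2, effective bit set, permitted = cap_dac_override + cap_sys_rawio.
SAMPLE = struct.pack("<5I", 0x02000001, 0x00020002, 0, 0, 0)

def names(mask):
    return ["cap_" + (CAP_NAMES[b] if b < len(CAP_NAMES) else str(b))
            for b in range(64) if mask >> b & 1]

def parse_file_caps(raw):
    """Decode a security.capability xattr value into its capability sets."""
    if len(raw) < 4:
        raise ValueError("truncated security.capability value")
    magic = struct.unpack_from("<I", raw)[0]
    pairs, size = REVISIONS.get(magic & 0xFF000000, (0, -1))
    if len(raw) != size:
        raise ValueError("unknown revision or wrong length")
    words = struct.unpack_from("<%dI" % (2 * pairs), raw, 4)
    permitted = sum(words[2 * i] << (32 * i) for i in range(pairs))
    inheritable = sum(words[2 * i + 1] << (32 * i) for i in range(pairs))
    return {"effective": bool(magic & 1),  # VFS_CAP_FLAGS_EFFECTIVE
            "permitted": names(permitted), "inheritable": names(inheritable)}

def audit(paths):
    """Return {path: capability sets} for each path that has file capabilities."""
    found = {}
    for path in paths:
        try:
            found[path] = parse_file_caps(os.getxattr(path, "security.capability"))
        except OSError:  # no such attribute, or the path is not readable
            continue
    return found

if __name__ == "__main__":
    for path, caps in audit(sys.argv[1:]).items():
        print(path, caps)
```

Pass the paths of the installed binaries as arguments; a binary that is listed here but was built without libcap matches the case described in the message.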
