Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-user

From: Joerg Schilling <Joerg.Schilling@××××××××××××××××.de>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Cdrtools installation without suid root
Date: Fri, 26 Apr 2013 18:33:42
Message-Id: 517ac7fb.dbgNxPPiuu4xWXOi%Joerg.Schilling@fokus.fraunhofer.de
In Reply to: Re: [gentoo-user] Cdrtools installation without suid root by Daniel Pielmeier
1 Daniel Pielmeier <billie@g.o> wrote:
2
3 > Actually it is the linkage against libcap what I am concerned of.
4
5 This is what I call a security risk with the current concepts of some linux
6 systems. See Announcement file for more....
7
8 > Imagine the following scenario. Libcap is not present on the system.
9 > Then package X which requires libcap is installed and the package
10 > manager who knows this installs libcap as a dependency. Then package Y
11 > is installed which unconditionally links against libcap. The package
12 > manager is unaware of this and does not know about the dependency. Now
13 > package X is uninstalled and the package manager removes libcap because
14 > he thinks nothing on the system needs it anymore. Now package Y will
15 > stop working because libcap is not there anymore. If it is possible to
16 > conditionally link against libcap such issues could be avoided. Libcap
17 > will not be uninstalled if the dependency is known. Additionally it is
18 > possible to have libcap installed and not link cdrtools against it.
19
20 On Solaris, you cannot remove files that are part of the basic kernel features.
21
22 Privileges on Solaris are a basic kernel feature and part of the basic
23 security concept, so you cannot remove this.... on most Linux distros, it seems
24 that you can.
25
26 I am concerned about a different scenario:
27
28 Imagine, you compile cdrtools without libcap and later install the support for
29 the OS. Now you decide to use "setcap" to make cdrecord work. Cdrecord will
30 really work this way, but you opened a security hole as this cdrecord now is
31 not privileges aware and thus cannot even detect that it is running with more
32 than basic privileges. Such a cdrecord installation will happyly write any
33 local file for any local user to CD.
34
35 Jörg
36
37 --
38 EMail:joerg@××××××××××××××××××××××××.de (home) Jörg Schilling D-13353 Berlin
39 js@××××××××××××.de (uni)
40 joerg.schilling@××××××××××××××××.de (work) Blog: http://schily.blogspot.com/
41 URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily

Replies

Subject Author
Re: [gentoo-user] Cdrtools installation without suid root Daniel Pielmeier <billie@g.o>
Report Message
Find on MARC Find on Google Groups