Daniel Pielmeier <billie@g.o> wrote:

> Actually it is the linkage against libcap that I am concerned about.

This is what I call a security risk with the current concepts of some Linux
systems. See Announcement file for more....

> Imagine the following scenario. Libcap is not present on the system.
> Then package X which requires libcap is installed and the package
> manager who knows this installs libcap as a dependency. Then package Y
> is installed which unconditionally links against libcap. The package
> manager is unaware of this and does not know about the dependency. Now
> package X is uninstalled and the package manager removes libcap because
> he thinks nothing on the system needs it anymore. Now package Y will
> stop working because libcap is not there anymore. If it is possible to
> conditionally link against libcap such issues could be avoided. Libcap
> will not be uninstalled if the dependency is known. Additionally it is
> possible to have libcap installed and not link cdrtools against it.

On Solaris, you cannot remove files that are part of the basic kernel features.

Privileges on Solaris are a basic kernel feature and part of the basic
security concept, so you cannot remove this.... on most Linux distros, it seems
that you can.

I am concerned about a different scenario:

Imagine you compile cdrtools without libcap and later install the support for
the OS. Now you decide to use "setcap" to make cdrecord work. Cdrecord will
really work this way, but you opened a security hole as this cdrecord now is
not privileges aware and thus cannot even detect that it is running with more
than basic privileges. Such a cdrecord installation will happily write any
local file for any local user to CD.

Jörg

--
EMail:joerg@××××××××××××××××××××××××.de (home) Jörg Schilling D-13353 Berlin
js@××××××××××××.de (uni)
joerg.schilling@××××××××××××××××.de (work) Blog: http://schily.blogspot.com/
URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
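
Added example, not part of the original message and not cdrtools code: a sketch of what being "privileges aware" can look like on Linux, reading the effective capability mask from /proc/self/status so a program started through "setcap" can tell it holds more than basic privileges. The function names, and the choice of the two DAC-bypass capabilities as the ones relevant to reading arbitrary local files, are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bit numbers from <linux/capability.h>, repeated so this builds without libcap. */
#define CAP_DAC_OVERRIDE_BIT    1
#define CAP_DAC_READ_SEARCH_BIT 2

/* Find e.g. "CapEff:\t0000000000000002" in /proc/<pid>/status text; 0 = found. */
int parse_cap_mask(const char *status, const char *field, uint64_t *mask)
{
    size_t flen = strlen(field);
    for (const char *line = status; line && *line; ) {
        if (strncmp(line, field, flen) == 0 && line[flen] == ':') {
            char *end;
            *mask = strtoull(line + flen + 1, &end, 16);
            return end == line + flen + 1 ? -1 : 0;   /* -1: no hex digits */
        }
        if ((line = strchr(line, '\n')) != NULL) line++;
    }
    return -1;
}

/* Nonzero when the mask lets the process ignore file read permissions. */
int bypasses_file_permissions(uint64_t eff)
{
    return (eff & (1ULL << CAP_DAC_OVERRIDE_BIT | 1ULL << CAP_DAC_READ_SEARCH_BIT)) != 0;
}

/* Read the calling process's own effective set. Returns 0 on success. */
int read_own_caps(uint64_t *eff)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_cap_mask(buf, "CapEff", eff);
}

int main(void)
{
    uint64_t eff;
    if (read_own_caps(&eff) != 0) return 2;   /* unknown state: fail closed */
    puts(bypasses_file_permissions(eff) ? "DAC bypass active" : "no DAC bypass");
    return 0;
}
```

A program that sees the bypass bits set would then have to check each user-supplied file against the real user's access before opening it, or drop the capability first.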