On Thu, Jul 17, 2008 at 05:27:38PM +0200, Niels de Vos wrote:
> Hello,
>
> attached is a patch for the specfile for setting the setuid-bit on
> some executables. It would be really cool if a normal (non-root) user
> is able to use the barry utilities.
> This patch only displays what could be done in the specfile to achieve
> this. As some executables read/write files, this is very dangerous at
> the moment; any user would get root-rights for reading/writing files.
>
> I would like to compose a TODO-list with:
> * how to make an executable secure?
> * which binaries should be secure?
> * does barrybackup call other binaries or does it use libbarry?
> * ...
>
> Any thoughts?

Hi Niels,

Of your proposed list of binaries, here's my reasoning regarding each one:

bcharge

There are 2 jobs that need to be done when plugging a Blackberry into the system: 1) change the mode and have it reset itself so that charging is possible, and 2) set the device permissions so that other programs can access the device without root privileges.

Option 1 is performed by bcharge, and should be done automatically by udev. Option 2 is already handled by udev rules. So there is no need for bcharge to be setuid root.

breset

If bcharge is set up correctly as above, you can reset your device without being root, so setuid root is not needed here either.

pppob

This program is really only called by pppd, which is already setuid root on many systems. Even so, pppob talks to the Blackberry the same way that any other Barry program does, and if bcharge and udev are set up correctly, there is no need for setuid root.

bidentify

This is a helper program to identify what Blackberry devices are attached to the system. It was added for Martin Owens and his device identification system. I believe this could be called via HAL or similar, or just any curious user can call it. If it is called before bcharge, then you need to be root, and if it is part of a system configuration process, then the calling system is likely root as well. If bcharge is set up correctly, bidentify does not need setuid root anyway.

btool
brecsum
upldif
barrybackup

All of these programs are user level programs. (I realize your spec file patch did not include barrybackup as setuid.) As such, they are intended to be run as a non-root user, and any need for root privileges is a bug in your system's setup, and should be addressed by changing the udev rules and how bcharge is called. There's no need or intent to add setuid root for these programs.

Comments on your TODO list:

> * how to make an executable secure?

This is a tricky task, and best left to the Wietse Venemas and Daniel Bernsteins of the world.
*wink, wink, nudge, nudge* :-)

Seriously though, to make a program ripe for setuid root privileges, it needs to be as simple as possible, as small as possible, focused in its task, and peer reviewed. Currently none of the above programs meet those criteria, except maybe breset, which is a really simple program using libusb. Bcharge is fairly simple, but it supports a command line option to write to sysfs to adjust autosuspend settings, which would either need to be removed, or have a special case. And the more special cases you put in, the harder it is to secure a program.

> * which binaries should be secure?

They should all be secure for the target environment they are running in. I'm specifically aiming for no program to need to run as root, except bcharge, and that is run automatically in a very defined way, by udev, so is already fairly secure.

> * does barrybackup call other binaries or does it use libbarry?

Barrybackup uses libbarry. All the above programs use libbarry except bcharge and breset.

- Chris
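
The following is an added example, not part of the original message or of the Barry project: a packaging check that reports any of the utilities named in the reply that are installed with the setuid or setgid bit, which under the udev-based setup described above should be none. The function name and the directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Barry project code): audit the Barry utilities named in
# the message for setuid/setgid bits. The install directory is an assumption;
# pass whichever directory your package installs into.

BARRY_BINS="bcharge breset pppob bidentify btool brecsum upldif barrybackup"

# audit_barry_setid DIR
# Prints one line per listed binary in DIR that has setuid and/or setgid set.
# Returns 0 when none are found, 1 when at least one is found.
audit_barry_setid() {
    dir=$1
    status=0
    for name in $BARRY_BINS; do
        path="$dir/$name"
        # Skip utilities that are not installed in this directory.
        [ -f "$path" ] || continue
        bits=""
        [ -u "$path" ] && bits="setuid"
        [ -g "$path" ] && bits="${bits:+$bits,}setgid"
        [ -n "$bits" ] || continue
        # A setuid file runs with its owner's privileges, so report the owner.
        owner=$(ls -ld "$path" | awk '{print $3}')
        printf '%s: %s (owner %s)\n' "$path" "$bits" "$owner"
        status=1
    done
    return $status
}

# When run as a script with a directory argument, audit that directory.
if [ $# -gt 0 ]; then
    audit_barry_setid "$1"
fi
```

A non-zero exit status makes the check usable as a gate in a package build or a post-install test.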