Okay, making barry setuid just got dropped from my list :) Thanks for the very detailed explanations!
Niels

On Thu, Jul 17, 2008 at 8:02 PM, Chris Frey <[EMAIL PROTECTED]> wrote:
> On Thu, Jul 17, 2008 at 05:27:38PM +0200, Niels de Vos wrote:
>> Hello,
>>
>> attached is a patch for the specfile for setting the setuid-bit on
>> some executables. It would be really cool if a normal (non-root) user
>> is able to use the barry utilities.
>> This patch only displays what could be done in the specfile to achieve
>> this. As some executables read/write files, this is very dangerous at
>> the moment; any user would get root-rights for reading/writing files.
>>
>> I would like to compose a TODO-list with:
>> * how to make an executable secure?
>> * which binaries should be secure?
>> * does barrybackup call other binaries or does it use libbarry?
>> * ...
>>
>> Any thoughts?
>
> Hi Niels,
>
> Of your proposed list of binaries, here's my reasoning regarding each one:
>
> bcharge
>
>     There are 2 jobs that need to be done when plugging a Blackberry
>     into the system: 1) change the mode and have it reset itself so
>     that charging is possible, and 2) set the device permissions so that
>     other programs can access the device without root privileges.
>
>     Option 1 is performed by bcharge, and should be done automatically
>     by udev. Option 2 is already handled by udev rules. So there is
>     no need for bcharge to be setuid root.
>
> breset
>
>     If bcharge is set up correctly as above, you can reset your device
>     without being root, so setuid root is not needed here either.
>
> pppob
>
>     This program is really only called by pppd, which is already setuid
>     root on many systems. Even so, pppob talks to the Blackberry the
>     same way that any other Barry program does, and if bcharge and udev
>     are set up correctly, there is no need for setuid root.
>
> bidentify
>
>     This is a helper program to identify what Blackberry devices are
>     attached to the system. It was added for Martin Owens and his
>     device identification system. I believe this could be called via
>     HAL or similar, or just any curious user can call it. If it is
>     called before bcharge, then you need to be root, and if it is part
>     of a system configuration process, then the calling system is
>     likely root as well. If bcharge is set up correctly, bidentify
>     does not need setuid root anyway.
>
> btool
> brecsum
> upldif
> barrybackup
>
>     All of these programs are user level programs. (I realize your spec
>     file patch did not include barrybackup as setuid.) As such,
>     they are intended to be run as a non-root user, and any need for
>     root privileges is a bug in your system's setup, and should be
>     addressed by changing the udev rules and how bcharge is called.
>     There's no need or intent to add setuid root for these programs.
>
>
> Comments on your TODO list:
>
>> * how to make an executable secure?
>
> This is a tricky task, and best left to the Wietse Venema's and
> Daniel Bernsteins of the world. *wink, wink, nudge, nudge* :-)
>
> Seriously though, to make a program ripe for setuid root privileges,
> it needs to be as simple as possible, as small as possible, focused in
> its task, and peer reviewed.
>
> Currently none of the above programs meet those criteria, except maybe
> breset, which is a really simple program using libusb. Bcharge is fairly
> simple, but it supports a command line option to write to sysfs to adjust
> autosuspend settings, which would either need to be removed, or have
> a special case. And the more special cases you put in, the harder it is
> to secure a program.
>
>
>> * which binaries should be secure?
>
> They should all be secure for the target environment they are running in.
> I'm specifically aiming for no program to need to run as root, except
> bcharge, and that is run automatically in a very defined way, by udev,
> so is already fairly secure.
>
>
>> * does barrybackup call other binaries or does it use libbarry?
>
> Barrybackup uses libbarry. All the above programs use libbarry except
> bcharge and breset.
>
> - Chris
>
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & win great prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Barry-devel mailing list
> Barry-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/barry-devel
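
An added example, not part of the thread and not Barry's own code: a packaging check that follows from the conclusion above, failing when any of the tools named in the thread ends up setuid or setgid in a staging tree such as an RPM buildroot. The function name `find_privileged` and the `BARRY_TOOLS` variable are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit a package staging tree for setuid/setgid bits on
# the Barry tools discussed in the thread. The thread's conclusion is that
# none of them should need setuid root; device access is granted by udev.
# BARRY_TOOLS and find_privileged are names chosen for this illustration.

BARRY_TOOLS="bcharge breset pppob bidentify btool brecsum upldif barrybackup"

# find_privileged ROOT
#   Prints the path of every Barry tool under ROOT that carries the
#   setuid (4000) or setgid (2000) bit.
#   Returns 0 when none is found, 1 when at least one is found,
#   2 when ROOT is not a directory.
find_privileged() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "find_privileged: not a directory: $root" >&2
        return 2
    fi

    found=0
    for tool in $BARRY_TOOLS; do
        # POSIX find: "-perm -4000" means "all of these bits are set".
        hits=$(find "$root" -type f -name "$tool" \
                   \( -perm -4000 -o -perm -2000 \) 2>/dev/null)
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits"
            found=1
        fi
    done
    return "$found"
}
```

Calling `find_privileged "$RPM_BUILD_ROOT"` at the end of an install step lets the build fail on a non-zero return, so a stray setuid bit on one of these binaries never reaches a package.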