Control: severity -1 serious

On Fri, 29 Aug 2025 23:03:37 +0200
Chris Hofstaedtler <[email protected]> wrote:

> Control: severity -1 wishlist
> 
> On Fri, Aug 29, 2025 at 03:33:09PM -0500, Aaron Rainbolt wrote:
> > `write` and `msg` are both parts of POSIX as explained earlier  
> 
> write and mesg were removed due to security reasons. This part of 
> POSIX is inherently insecure and unfixable.
> 
> We're not gonna turn them back on.
> 
> Chris
> 

Chris,

The inherently insecure, unfixable security issues were remediated by
disabling the SGID bit on the executables. The executables themselves
are not capable of presenting any security risk to systems they are
installed on in this state beyond the risks any application written in
C presents. If `mount` were to have the SUID bit enabled, it too would
have unfixable security issues, so systems simply don't ship `mount`
SUID. There's no reason I can see to not do the same here.

The fact remains that there are use cases for these parts of POSIX that
do not require opening security holes. POSIX does not mandate that
these utilities be usable by arbitrary users; it does mandate that the
utilities exist, at least to my awareness. Debian policy mandates that
packages that provide standard utilities have priority "important" or
higher, which implies that packages with priority "important" or higher
should not have standard utilities removed unless all other options are
exhausted.

Unless there is an issue beyond the security issues that were plugged
by removing the SGID bit to justify the removal, this is still a
violation of Debian Policy by my reading and must be resolved (unless
my reading is wrong or the policy changes). If there are further
security issues, these need to be brought up or at least their existence
mentioned.
