severity 514110 grave
tags 514110 + security patch
tag 512803 + pending
thanks
On Wednesday 04 February 2009 at 11:24 +0100, Jerzy Wolinski wrote:
> After logging to sid I run "root terminal" from sid main menubar.
> After that some other programs from menu are run also as root.
> It applies to "terminal" (not root one) and "mc" (from
> "debian/applications/terminal emulations" submenu), but not to "xterm" from
> the same submenu.

OK, in the end (and after I have messed with the BTS in unseen ways) there are two issues, which is why I have just unmerged the two bugs. This has nothing to do with D-Bus, I must have been drunk while uploading the first “fix”.

1) The security issue (#514110) leading to a user being able to control root’s terminal (and other applications). This is a bug in ORBit2 for which I have a patch. The corresponding NMU is attached; I’ll upload it in one or two days if there are no objections. For the security team: we should get this fixed in lenny and maybe in etch with a point release, but I don’t think this warrants a DSA. Maybe this warrants a CVE regardless, I’m not sure.

2) The usability issue; ORBIT_SOCKETDIR is shared between root and !root processes (for the sake of re-using the GConf daemon, I guess) and this leads to the impossibility of starting a root terminal as it re-uses an existing process. Since this doesn’t work in all cases anyway, let’s just drop ORBIT_SOCKETDIR and get done with it. This will be done in the next gksu upload.

Cheers,
-- 
 .''`.
: :' :      We are debian.org. Lower your prices, surrender your code.
`. `'       We will add your hardware and software distinctiveness to
  `-        our own. Resistance is futile.
diff -u orbit2-2.14.16/debian/changelog orbit2-2.14.16/debian/changelog --- orbit2-2.14.16/debian/changelog +++ orbit2-2.14.16/debian/changelog @@ -1,3 +1,13 @@ +orbit2 (1:2.14.16-0.2) UNRELEASED; urgency=low + + * Non-maintainer upload. + * 200-socket-permissions.patch: New patch. Do not try to "fix" + permissions when running as root, with the sole result to allow + other users to write to root sockets and control applications. + Closes: #514110. + + -- Josselin Mouette <[email protected]> Wed, 04 Feb 2009 18:58:35 +0100 + orbit2 (1:2.14.16-0.1) unstable; urgency=low * Non-maintainer upload. only in patch2: unchanged: --- orbit2-2.14.16.orig/debian/patches/200-socket-permissions.patch +++ orbit2-2.14.16/debian/patches/200-socket-permissions.patch 
@@ -0,0 +1,59 @@ +--- linc2/src/linc-connection.c.orig 2009-02-04 18:54:49.395769644 +0100 ++++ linc2/src/linc-connection.c 2009-02-04 18:55:04.726766042 +0100 +@@ -548,25 +548,6 @@ + CNX_UNLOCK (cnx); + } + +-#ifndef G_OS_WIN32 +-static void +-fix_permissions (const char *filename) +-{ +- char *tmp_dir = g_strdup (filename); +- char *p; +- struct stat stat_buf; +- +- if (!tmp_dir) +- return; +- p = strrchr (tmp_dir, '/'); +- if (p) { +- *p = '\0'; +- stat (tmp_dir, &stat_buf); +- chown (filename, stat_buf.st_uid, -1); +- } +-} +-#endif +- + static gboolean + link_connection_do_initiate (LinkConnection *cnx, + const char *proto_name, +@@ -646,12 +627,6 @@ + } + #endif + +-#ifndef G_OS_WIN32 +- if (!strcmp (proto_name, "UNIX") && getuid() == 0) { +- fix_permissions (service); +- } +-#endif +- + LINK_TEMP_FAILURE_RETRY_SOCKET (connect (fd, saddr, saddr_len), rv); + #ifdef HAVE_WINSOCK2_H + if (rv == SOCKET_ERROR) { +--- linc2/src/linc-protocols.c.orig 2009-02-04 19:26:12.538765959 +0100 ++++ linc2/src/linc-protocols.c 2009-02-04 19:26:31.123319235 +0100 +@@ -1001,15 +1001,6 @@ + static void + link_protocol_post_create_unix (int fd, struct sockaddr *saddr) + { +-#ifndef G_OS_WIN32 +- struct sockaddr_un *saddr_un = (struct sockaddr_un *)saddr; +- +- if (getuid() == 0) { +- struct stat stat_buf; +- if (!stat (link_tmpdir, &stat_buf)) +- chown (saddr_un->sun_path, stat_buf.st_uid, -1); +- } +-#endif + } + #endif /* AF_UNIX */ +
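Review bot: In the debian/changelog hunk, the new 1:2.14.16-0.2 entry is marked "urgency=low" although it closes #514110, which the control commands at the top of this mail set to grave and tag security. Consider raising the urgency so the fix is not delayed on its way to lenny. The distribution field still reads UNRELEASED and has to be set to the target suite before the upload.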
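Review bot: The new debian/patches/200-socket-permissions.patch begins directly with the "--- linc2/src/linc-connection.c.orig" line and carries no description header. Add a few lines above it stating that the chown of the UNIX socket to the owner of the socket directory, done when getuid() == 0, is removed because it lets that user write to root's sockets, with a reference to #514110, so the rationale stays with the patch and not only in the changelog.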
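Review bot: In the linc-protocols.c hunk, link_protocol_post_create_unix is left with an empty body and two unused parameters (fd and saddr). Put a short comment in the body saying that the ownership of the socket is deliberately left untouched, including when running as root, so that a later change does not reintroduce the chown; if the hook serves no other purpose, consider dropping it in a follow-up.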

