Hi, Evilham writes:
> Hi there, > > Am 03/07/2017 um 16:08 schrieb dev: >> Sounds like a "won't fix", too: >> >> "So, yeah, I don't think there's anything to fix in systemd here." >> - Poettering >> >> Not sure what's more troubling here[1]; the lack of concern, the >> digression from POSIX, or the bug/backdoor itself. Maybe all three. >> >> useradd 0day works on Devuan. adduser 0day does not. Which is correct? > > I had this discussion yesterday, so here are my 2 cents :-). > > It is quite inconsistent what a "valid username" is, apparently it has > gotten better. Indeed and that's exactly why systemd shouldn't assume it's living in a Happy World of overly optimistic assumptions. > According to POSIX, a valid username may include: a-z, A-Z, 0-9, ., -, _ > Where "-" cannot appear at the beginning. There is no further > restriction on the other chars. > http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_435 So if systemd were to adhere to POSIX (now I'm being overly optimistic, probably), systemd should check the user names in unit files for POSIX conformance and flatly refuse to do anything if they're not. If systemd were to just take any user name, then it should *still* check that whatever user name it gets actuall corresponds to an existing user (and that that user is a system user to boot) before going ahead and doing anything. Of course, all this checking negatively affect boot times so systemd simply assumes all's well ;-P > So, useradd works because it's lower level, adduser does not, because it > comes from shadow and they have more restrictions on what a valid name > is. IMHO that's a bug in shadow. > https://github.com/shadow-maint/shadow/blob/master/libmisc/chkname.c#L52 On an even lower level, any text editor + shell combination will let you add accounts with whatever whacky user name you can think of. As far as /etc/passwd (and /etc/shadow) are concerned, the ':' is just about the only character you cannot use file format wise. Whether login (or your display manager) will let you login with that is another matter but for systemd unit files the capability to login is not required. # UTF-8 user names anyone? ;-) > It is not possible, for example to execute: adduser name.lastname, which > is a valid POSIX username (but useradd name.lastname works fine). > > The biggest issue with that systemd bug is that it should refuse to run > the unit instead of overriding what the sysadmin wrote and running as root. The security conscious call that privilege escalation. Anyone capable of putting such a unit file on your system(d) will own your box as soon as the service runs. > But hey, that's why we are here on Devuan. Indeed. -- Olaf Meeuwissen, LPIC-2 FSF Associate Member since 2004-01-27 GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13 F43E B8A4 A88A F84A 2DD9 Support Free Software https://my.fsf.org/donate Join the Free Software Foundation https://my.fsf.org/join _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
