Re: Permission policy
On Wed, Mar 15, 2000 at 01:12:49PM +0100, Volker Ossenkopf wrote:
> I need some advice to solve a recent bug report regarding a frozen package.

You could make it suid to a user who has 2 additional groups. In that case the program should reset its uid after the devices are open (the same would be true for suid root, but that's not a good idea).

BTW: there is an idea for setting groups for console access to devices like cdrom, floppy, sound, mic, cam... so each user who logs into the console will get added to those groups, then your program does not need to be sgid anything, which is bad anyway since everybody even on a networked terminal could start it.

Greetings
Bernd

Re: Permission policy
On Thu, Mar 16, 2000 at 01:43:22AM +0100, Bernd Eckenfels wrote:
> BTW: there is an idea for setting groups for console access to devices like cdrom, floppy, sound, mic, cam... so each user who logs into the console will get added to those groups, then your program does not need to be

Which is a waste of effort if the user can create a sgid shell.

-- 
Mike Stone

Re: Permission policy
On Thu, Mar 16, 2000 at 01:43:22AM +0100, Bernd Eckenfels wrote:
> On Wed, Mar 15, 2000 at 01:12:49PM +0100, Volker Ossenkopf wrote:
> ...
> BTW: there is an idea for setting groups for console access to devices like cdrom, floppy, sound, mic, cam... so each user who logs into the console will get added to those groups, then your program does not need to be sgid anything, which is bad anyway since everybody even on a networked terminal could start it.

I am setting up all Linux installations this way: I add this line to /etc/security/group.conf:

    login;tty?|tty??!ttyp*;*;Al-2400;floppy, audio

and configure pam to use it.

-- 
Radovan Garabik http://melkor.dnp.fmph.uniba.sk/~garabik/
garabik @ melkor.dnp.fmph.uniba.sk

Re: Permission policy
Radovan Garabik [EMAIL PROTECTED] writes:
> On Thu, Mar 16, 2000 at 01:43:22AM +0100, Bernd Eckenfels wrote:
> > BTW: there is an idea for setting groups for console access to devices like cdrom, floppy, sound, mic, cam... so each user who logs into the console will get added to those groups, then your program does not need to be sgid anything, which is bad anyway since everybody even on a networked terminal could start it.
>
> I am setting up all Linux installations this way: I add this line to /etc/security/group.conf:
>
>     login;tty?|tty??!ttyp*;*;Al-2400;floppy, audio
>
> and configure pam to use it.

This has a trivial attack. Once someone logs in to the console, he is a member of the floppy group, therefore he can do the following:

    cp /bin/sh ~
    chgrp floppy ~/sh
    chmod g+s ~/sh

And later when he logs in through the network, he simply runs ~/sh to regain access to the floppy group.

(of course, this attack can be prevented using mount options to disable setgid executables on all filesystems where users have write access)

- Ruud de Rooij.
-- 
ruud de rooij | [EMAIL PROTECTED] | http://ruud.org

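The mount-option mitigation Ruud mentions can be audited by checking which user-writable directories sit on a filesystem mounted without nosuid. This is an added example, not code from the thread: it parses a constructed /proc/mounts-style sample, and the directory list and function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/mounts format (not taken from the thread). */
static const char SAMPLE_MOUNTS[] =
    "/dev/sda1 / ext4 rw,relatime 0 0\n"
    "/dev/sda2 /home ext4 rw,nosuid,nodev,relatime 0 0\n"
    "tmpfs /tmp tmpfs rw,nosuid,nodev 0 0\n";

/* 1 if the comma-separated option list contains exactly `want`. */
static int has_option(const char *opts, const char *want) {
    size_t n = strlen(want);
    while (*opts) {
        size_t len = strcspn(opts, ",");
        if (len == n && strncmp(opts, want, n) == 0) return 1;
        opts += len + (opts[len] == ',');
    }
    return 0;
}

/* 1 if `dir` is mount point `mnt` or lies beneath it (n == 1: the root mount). */
static int is_under(const char *dir, const char *mnt) {
    size_t n = strlen(mnt);
    return !strncmp(dir, mnt, n) && (n == 1 || dir[n] == '\0' || dir[n] == '/');
}

/* 1 = set-id honoured in `dir`, 0 = nosuid, -1 = not covered; longest, latest mount wins. */
int setid_honoured(const char *mounts, const char *dir) {
    char line[1024], mnt[256], opts[512];
    size_t best = 0;
    int result = -1;
    while (*mounts) {
        size_t len = strcspn(mounts, "\n");
        snprintf(line, sizeof line, "%.*s", (int)len, mounts);
        if (sscanf(line, "%*s %255s %*s %511s", mnt, opts) == 2 &&
            is_under(dir, mnt) && strlen(mnt) >= best) {
            best = strlen(mnt);
            result = !has_option(opts, "nosuid");
        }
        mounts += len + (mounts[len] == '\n');
    }
    return result;
}

int main(void) {
    const char *dirs[] = { "/home/alice", "/tmp", "/var/tmp" };  /* assumed user-writable */
    for (int i = 0; i < 3; i++)
        printf("%-12s set-id honoured: %d\n", dirs[i], setid_honoured(SAMPLE_MOUNTS, dirs[i]));
    return 0;
}
```

On a live system, pass the contents of /proc/mounts instead of the sample. The check covers the mount option only; the replies from Mike Stone and Herbert Xu in this thread describe cases it does not reach.
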
Re: Permission policy
On Mar 16, Michael Stone [EMAIL PROTECTED] wrote:
> Which is a waste of effort if the user can create a sgid shell.

Do you really mount user-writeable directories without the nosuid option?

-- 
ciao,
Marco

Re: Permission policy
On Thu, Mar 16, 2000 at 09:39:41PM +0100, Marco d'Itri wrote:
> On Mar 16, Michael Stone [EMAIL PROTECTED] wrote:
> > Which is a waste of effort if the user can create a sgid shell.
>
> Do you really mount user-writeable directories without the nosuid option?

1. Depends on the environment. Unfortunately, nosuid isn't guaranteed to work in all cases (e.g., sperl).
2. The point was that the auto group function isn't a magic bullet and needs to be evaluated in context. In some cases it might make more sense to have a world-writable audio device than to play games with groups.

-- 
Mike Stone

Re: Permission policy
Ruud de Rooij [EMAIL PROTECTED] wrote:
> (of course, this attack can be prevented using mount options to disable setgid executables on all filesystems where users have write access)

But the user can still leave a process running with the privileges after he logs out. Now whenever he logs in from anywhere else in the world, he can request the privileges from that process.

-- 
Debian GNU/Linux 2.1 is out! ( http://www.debian.org/ )
Email: Herbert Xu [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Permission policy
I need some advice to solve a recent bug report regarding a frozen package. The program needs rx-permissions for a device belonging to the cdrom group and rw-permissions for a device belonging to the audio group. Until now the program is sgid cdrom to work correctly with the cdrom-device without changing the permissions for that device but I do not see a simple solution for the audio access without making the audio device world readable and writeable which is certainly a violation of the policy. Any ideas?

Best wishes
Volker

-- 
Volker Ossenkopf
KOSMA (Kölner Observatorium für submm-Astronomie)
1. Physikalisches Institut der Universität zu Köln
Tel.: 0221 4703485
Fax.: 0221 4705162
E-Mail: [EMAIL PROTECTED]

Re: Permission policy
hi,

> The program needs rx-permissions for a device belonging to the cdrom group and rw-permissions for a device belonging to the audio group.
> Any ideas?

users using your program and thus being able to access the sound / cdrom hardware should be in the cdrom+audio group for themselves. it's not your program's task to gain access, it should already be provided by the calling process. you could print a message that the user should ask the sysadmin to add them to these groups if your open-call fails.

-- 
CU,
Martin Waitz [Tali on IRCnet] [tali.home.pages.de]
Friedrich-Alexander University Erlangen, Germany
this is a manually generated mail, it contains typos and is valid even without capital letters.