*** This bug is a security vulnerability ***

Public security bug reported:

Network Manager starts dnsmasq to provide better performing DNS service
to the end user; however, it starts dnsmasq as user nobody:

  $ ps auwwx | grep [d]nsmasq
  nobody     993  0.0  0.1  33072  1120 ?        S    12:06   0:00 /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var/run/sendsigs.omit.d/network-manager.dnsmasq.pid --listen-address=127.0.1.1 --conf-file=/var/run/nm-dns-dnsmasq.conf --cache-size=0 --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq --conf-dir=/etc/NetworkManager/dnsmasq.d

Generally it's bad form from a security perspective to run daemons as
user nobody because a vulnerability in one daemon will possibly allow
it, when compromised, to interfere with another daemon that is also
running as nobody. The preferred solution is to run it under a service-
specific system user.

ProblemType: Bug
DistroRelease: Ubuntu 12.10
Package: network-manager 0.9.6.0-0ubuntu7
ProcVersionSignature: Ubuntu 3.5.0-22.34-generic 3.5.7.2
Uname: Linux 3.5.0-22-generic x86_64
ApportVersion: 2.6.1-0ubuntu10
Architecture: amd64
CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found.
Date: Fri Jan 25 14:17:36 2013
IfupdownConfig:
 # interfaces(5) file used by ifup(8) and ifdown(8)
 auto lo
 iface lo inet loopback
InstallationDate: Installed on 2013-01-25 (0 days ago)
InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5)
IpRoute:
 default via 10.0.2.2 dev eth0  proto static 
 10.0.2.0/24 dev eth0  proto kernel  scope link  src 10.0.2.15  metric 1 
 169.254.0.0/16 dev eth0  scope link  metric 1000
IwConfig:
 eth0      no wireless extensions.
 
 lo        no wireless extensions.
MarkForUpload: True
NetworkManager.state:
 [main]
 NetworkingEnabled=true
 WirelessEnabled=true
 WWANEnabled=true
 WimaxEnabled=true
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
RfKill:
 
SourcePackage: network-manager
UpgradeStatus: No upgrade log present (probably fresh install)
nmcli-con:
 NAME                 UUID                                   TYPE             TIMESTAMP    TIMESTAMP-REAL                    AUTOCONNECT   READONLY   DBUS-PATH
 Wired connection 1   6065df63-d4a5-4426-bf03-4b938adcdf28   802-3-ethernet   1359152173   Fri 25 Jan 2013 02:16:13 PM PST   yes           no         /org/freedesktop/NetworkManager/Settings/0
nmcli-dev:
 DEVICE   TYPE             STATE       DBUS-PATH
 eth0     802-3-ethernet   connected   /org/freedesktop/NetworkManager/Devices/0
nmcli-nm:
 RUNNING   VERSION   STATE       NET-ENABLED   WIFI-HARDWARE   WIFI      WWAN-HARDWARE   WWAN
 running   0.9.6.0   connected   enabled       enabled         enabled   enabled         disabled

** Affects: network-manager (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug quantal running-unity

https://bugs.launchpad.net/bugs/1105493

Title:
  network manager runs dnsmasq as user nobody

Status in “network-manager” package in Ubuntu:
  New


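The report's concern is that several daemons end up sharing the nobody account. The following check is an added example, not part of the original bug report or of Network Manager: it reads "USER PID COMMAND" lines and reports which daemons share one account. The function names, the sample lines and the daemon name "exampled" are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which daemons share one unprivileged account.
# Input lines are "USER PID COMMAND", the format printed by:
#   ps -eo user=,pid=,comm=

# Print the distinct command names running as account $1, sorted.
daemons_as_user() {
    awk -v acct="$1" '
        $1 == acct { $1 = ""; $2 = ""; sub(/^ +/, ""); print }
    ' | sort -u
}

# Print a one-line verdict for account $1 from ps-style lines on stdin.
shared_account_verdict() {
    names=$(daemons_as_user "$1")
    if [ -z "$names" ]; then
        echo "OK: nothing runs as $1"
        return 0
    fi
    count=$(printf '%s\n' "$names" | wc -l | tr -d ' ')
    list=$(printf '%s\n' "$names" | paste -sd, -)
    if [ "$count" -gt 1 ]; then
        # More than one daemon under the same UID: a compromise of one
        # can interfere with the others, as the report describes.
        echo "SHARED: $count daemons run as $1: $list"
    else
        echo "SINGLE: only $list runs as $1"
    fi
}

# Constructed sample; "exampled" is a hypothetical second daemon.
sample_ps() {
    cat <<'EOF'
root 1 init
syslog 640 rsyslogd
nobody 993 dnsmasq
nobody 1410 exampled
EOF
}

sample_ps | shared_account_verdict nobody
```

On a live system, replace the sample with `ps -eo user=,pid=,comm= | shared_account_verdict nobody`.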