Package: libutempter0
Version: 1.1.5-4
Severity: normal
Tags: security

libutempter0 package contains a setgid helper binary, utempter, which
is supposed to be used to modify utmp records on behalf of "semi-privileged"
users.  For this reason it is installed as setgid-utmp.  And in order to
restrict who can run it, the binary is placed into a subdirectory which
is supposed to be accessible by members of a single group, also called
utempter.  This is, at least, how I interpret this whole thing.

However, libutempter0 package goes on to set proper group for the
directory, but fails to set proper permissions, and the directory has
regular 0755 permissions, even if owned by utempter group.

So the "semi-privileged" part of the picture isn't enforced, and everyone
is able to run the sgid helper and apparently mess up with utmp records.

This is just my understanding, I might be wrong.  But at any rate the
resulting setup is quite unusual - we should either enforce the
restriction (by removing "x" permission for "others" for this dir),
or stop shipping the helper in a subdirectory, putting it directly
into /usr/lib.

If the former, I think statoverride mechanism should be used for this,
instead of chgrp'ing the directory in postinst script.

Adding `security' tag because this issue has possible security implications.

Thanks,

/mjt

_______________________________________________
Secure-testing-team mailing list
Secure-testing-team@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
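
The condition described in the report above can be checked mechanically. The following is an added example, not part of the original report or of the libutempter0 package; the function name, its verdict words and its arguments are assumptions made for illustration, and GNU `stat` (as shipped on Debian) is assumed.

```shell
#!/bin/sh
# Added example: audit a directory that is meant to restrict who can
# reach a setgid helper. All paths are supplied by the caller.

# audit_helper_dir DIR HELPER EXPECTED_GROUP
# Prints one verdict word:
#   no-setgid   - the helper has no setgid bit, so the directory guards nothing
#   exposed     - "others" have x on the directory and can reach the setgid helper
#   wrong-group - "others" are locked out, but the directory group is not the expected one
#   restricted  - only the owner and the expected group can traverse the directory
audit_helper_dir() {
    ahd_dir=$1 ahd_helper=$2 ahd_group=$3

    # %a prints the mode in octal without a leading zero (755, 2755, ...).
    ahd_dir_mode=$(stat -c '%a' "$ahd_dir") || return 2
    ahd_dir_group=$(stat -c '%G' "$ahd_dir") || return 2
    ahd_helper_mode=$(stat -c '%a' "$ahd_dir/$ahd_helper") || return 2

    # Prefix with 0 so shell arithmetic reads the value as octal.
    if [ $(( 0$ahd_helper_mode & 02000 )) -eq 0 ]; then
        echo no-setgid
    elif [ $(( 0$ahd_dir_mode & 01 )) -ne 0 ]; then
        # This is the state the report describes: right group, mode 0755.
        echo exposed
    elif [ "$ahd_dir_group" != "$ahd_group" ]; then
        echo wrong-group
    else
        echo restricted
    fi
}

# Stand-alone use: sh audit.sh DIR HELPER GROUP
if [ "$#" -eq 3 ]; then
    audit_helper_dir "$@"
fi
```

The verdict is derived from mode bits rather than from an access test, so it gives the same answer when run as root.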
