** Visibility changed to: Public ** Description changed:
(15:19:34) rlaager: Security Question: /usr/bin/at is currently permissioned "6755 daemon daemon". Doesn't that make it possible, if there's a bug in at, for a regular user to run at, which could be used to overwrite itself, leaving evil code for root to run later on? In other words, wouldn't 6555 be better?
(15:29:36) infinity: rlaager: Can you file a bug?
(15:29:56) infinity: rlaager: But yeah, potentially true of any non-root suid binary, I suppose.
(15:30:15) ***infinity wonders how many of those we have...
(15:30:59) rlaager: I think at is the only one (in a <= desktop install, which is what I have).
(15:32:07) infinity: rlaager: The real bug could be that it should be 2755 root:daemon instead.
(15:32:33) rlaager: infinity: The changelog documents the intention to be suid daemon.
(15:33:02) infinity: rlaager: Sure, but perhaps sgid would be enough. Dunno. Either way, bug report please. ;)
+ (15:35:54) rlaager: infinity: Should I subscribe the Ubuntu Security Team or not?
+ (15:36:06) infinity: Ahh, kay, so the changelog details why it needs to run as daemon (to signal atd), but it also claims it's installed 6555.
+ (15:36:19) infinity: So, it might just be a packaging error introduced later that made it 6755.
+ (15:36:25) infinity: I see no mention of the change.
+ (15:37:10) infinity: rlaager: If it's in previous releases as well, yeah. This would probably warrant an update. It's not exactly a massive exposure window (or, possibly, not one at all, if at is bug-free), but it's a security bug nonetheless.
+ (15:38:11) infinity: The part where it does everything internally sgid, though, and only needs daemon to signal itself seems like something that could be fixed.
+ (15:38:14) ***infinity shrugs.
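An audit check for the condition the log discusses (a set-id file that the uid or gid it grants can overwrite, as with 6755 daemon:daemon versus 6555 or 2755 root:daemon), written as an added example that is not part of the bug report or of the at package. The tree scanner assumes GNU find/stat; the mode check itself is plain POSIX sh.

```shell
#!/bin/sh
# setid_self_writable MODE OWNER GROUP
#   MODE is an octal mode as printed by stat (3 or 4 digits), OWNER/GROUP
#   are user and group names. Succeeds (exit 0) and prints a reason when
#   the identity the file grants could rewrite the file itself; exit 1 when
#   it could not; exit 2 on a malformed mode.
setid_self_writable() {
    mode=$1 owner=$2 group=$3
    case ${#mode} in
        3) mode=0$mode ;;                     # stat prints 755, not 0755
        4) ;;
        *) echo "bad mode: $mode" >&2; return 2 ;;
    esac
    # Split the four octal digits: special, user, group, other.
    special=${mode%???}; rest=${mode#?}
    user=${rest%??};     rest=${rest#?}
    grp=${rest%?};       other=${rest#?}
    # Only set-id files are of interest here.
    [ $((special & 6)) -ne 0 ] || return 1
    reason=
    if [ $((other & 2)) -ne 0 ]; then
        reason="world-writable set-id file"
    elif [ $((special & 4)) -ne 0 ] && [ "$owner" != root ] && [ $((user & 2)) -ne 0 ]; then
        # e.g. 6755 daemon:daemon -- code running as $owner can replace the binary
        reason="setuid $owner and owner-writable: code running as $owner can replace it"
    elif [ $((special & 2)) -ne 0 ] && [ "$group" != root ] && [ $((grp & 2)) -ne 0 ]; then
        reason="setgid $group and group-writable: code running as group $group can replace it"
    fi
    [ -n "$reason" ] || return 1
    printf '%s %s:%s -> %s\n' "$mode" "$owner" "$group" "$reason"
}

# scan_setid_tree DIR: report every set-id file under DIR that fails the check.
# Assumes GNU stat (-c); the find expression is POSIX.
scan_setid_tree() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%a %U %G %n' {} + |
    while read -r m o g path; do
        r=$(setid_self_writable "$m" "$o" "$g") && echo "$path: $r"
    done
}

# Run stand-alone as: sh setid_check.sh /usr
[ $# -gt 0 ] && scan_setid_tree "$1"
```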
- ProblemType: Bug
- DistroRelease: Ubuntu 12.04
- Package: at 3.1.13-1ubuntu1 [modified: usr/bin/at usr/sbin/atd]
- ProcVersionSignature: Ubuntu 3.2.0-21.34-generic 3.2.13
- Uname: Linux 3.2.0-21-generic x86_64
- NonfreeKernelModules: nvidia
- ApportVersion: 2.0-0ubuntu4
- Architecture: amd64
- Date: Tue Apr 3 15:33:45 2012
- EcryptfsInUse: Yes
- InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Beta amd64 (20120330)
- ProcEnviron:
-  TERM=xterm
-  PATH=(custom, user)
-  LANG=en_US.UTF-8
-  SHELL=/bin/bash
- SourcePackage: at
- UpgradeStatus: No upgrade log present (probably fresh install)

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/972824

Title:
  /usr/bin/at should perhaps be permissioned 6555

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/at/+bug/972824/+subscriptions

--
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
