Public bug reported:
For something designed to expose itself to external connections and
ingest arbitrary content off the public Internet, Privoxy's systemd
service file on Ubuntu 24.04.4 LTS grants it far too much leeway to have
an exploitable bug.
While I've only tested it to work with the features I personally use,
I'm attaching the unit file override I use so it can serve as a starting
point for discussion.
My changes take the exposure level rating of `systemd-analyze security
privoxy.service` from `9.6 UNSAFE 😨` to `1.1 OK 🙂`.
...and the overwhelming majority of that improvement (down to roughly a
score of `2.0 OK 🙂`) is independent of the last few changes. Those last
few changes were:
1. To remove `CAP_SETUID` and `CAP_SETGID` permissions from
`CapabilityBoundingSet=` and add `~@privileged` to `SystemCallFilter=`,
it was necessary to remove `--user $OWNER` from `ExecStart=` and instead
rely on `User=privoxy`.
2. Rather than bothering to fix the pidfile permissions after going
`User=privoxy`, I just added `--no-daemon`, `Type=exec`, and allowed
Privoxy to log to journald via the standard streams instead of to
`/var/log/privoxy`. (This change also allowed me to go from
`ProtectSystem=full` to `ProtectSystem=strict`.)
I believe one example of a feature I don't use which will require a
further change is that `ProtectSystem=full` and `ProtectSystem=strict`
both render `/etc` read-only, which means Privoxy's in-browser rules
editor will require appropriate `ReadWritePaths=` values to restore that
functionality.
With the exception of the aforementioned `/var/log/privoxy`, it looks
like a list of all the files stock Privoxy retains read-write access to
after dropping root would be
`ReadWritePaths=/etc/privoxy/match-all.action /etc/privoxy/trust /etc/privoxy/user.action /var/lib/privoxy/certs`.
** Affects: privoxy (Ubuntu)
Importance: Undecided
Status: New
** Attachment added: "/etc/systemd/system/privoxy.service.d/override.conf"
https://bugs.launchpad.net/bugs/2159082/+attachment/5980056/+files/override.conf
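The attached override is not reproduced in this notification. The following drop-in is an added example that is not the reporter's file and not part of the Ubuntu package; it shows what the changes described above (`User=privoxy` instead of `--user $OWNER`, `--no-daemon` with `Type=exec`, journald logging, `ProtectSystem=strict` plus the `ReadWritePaths=` the reporter lists, and `~@privileged` in `SystemCallFilter=`) look like as a complete `override.conf`, together with the common systemd sandboxing directives that account for most of the score improvement. The binary path `/usr/sbin/privoxy`, the config path `/etc/privoxy/config`, the `privoxy` group name, and the assumption that the stock unit sets `PIDFile=` are not stated on the page and should be checked against `systemctl cat privoxy.service` before use.

```ini
# /etc/systemd/system/privoxy.service.d/override.conf  (example drop-in, not the reporter's attachment)
[Service]
# An override appends to list directives, so reset ExecStart and PIDFile
# before redefining them. Clearing PIDFile is only needed if the stock
# unit sets it (assumed here).
ExecStart=
PIDFile=
# Assumed binary and config paths; verify with `systemctl cat privoxy.service`.
# --no-daemon keeps Privoxy in the foreground so Type=exec can track it
# and no pidfile has to be written by the unprivileged user.
ExecStart=/usr/sbin/privoxy --no-daemon /etc/privoxy/config
Type=exec

# Let systemd drop privileges instead of Privoxy's own --user switch,
# so CAP_SETUID/CAP_SETGID never have to be in the bounding set.
User=privoxy
Group=privoxy

# Log via the standard streams to journald (assumes the Privoxy config
# no longer sets a logfile under /var/log/privoxy).
StandardOutput=journal
StandardError=journal

# Privoxy listens on an unprivileged port, so it needs no capabilities.
CapabilityBoundingSet=
AmbientCapabilities=
NoNewPrivileges=true

# Filesystem: everything read-only except the files stock Privoxy
# writes after dropping root (list taken from the report above).
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
PrivateDevices=true
ReadWritePaths=/etc/privoxy/match-all.action /etc/privoxy/trust /etc/privoxy/user.action
ReadWritePaths=/var/lib/privoxy/certs

# Kernel, namespace and process surface.
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
ProtectClock=true
ProtectHostname=true
ProtectProc=invisible
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
LockPersonality=true
# Remove this one if a library Privoxy loads needs writable+executable memory.
MemoryDenyWriteExecute=true
# Proxying only needs IP sockets; AF_UNIX covers the journald stream.
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX

# Syscall surface: the usual service allow-list, then explicitly deny the
# privileged and resource-control groups. @privileged is what becomes
# droppable once --user is gone.
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources
```

Apply it with `systemctl edit privoxy.service` (which creates the drop-in path above) or by writing the file directly, then `systemctl daemon-reload && systemctl restart privoxy.service`. Re-run `systemd-analyze security privoxy.service` to see the new exposure score, and watch `journalctl -u privoxy.service` for permission or seccomp errors: any feature not exercised by the reporter, such as the in-browser rules editor, will show up there as a failed write and needs the corresponding path added to `ReadWritePaths=` rather than a return to `ProtectSystem=full`.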
https://bugs.launchpad.net/bugs/2159082
Title:
Privoxy's systemd unit is far too lenient