[Barry-devel] [RFC] Make barry utilities setuid?

[Niels de Vos]

Hello,

attached is a patch for the specfile for setting the setuid-bit on
some executables. It would be really cool if a normal (non-root) user
is able to use the barry utilities.
This patch only displays what could be done in the specfile to achieve
this. As some execuatbles read/write files, this is very dangerous at
the moment; any user would get root-rights for reading/writing files.

I would like to compose a TODO-list with:
* how to make an executable secure?
* which binaries should be secure?
* does barrybackup call other binaries or does it use libbarry?
* ...

Any thoughts?

Niels

diff --git a/rpm/barry.spec b/rpm/barry.spec
index 3e241ef..abb1033 100644
--- a/rpm/barry.spec
+++ b/rpm/barry.spec
@@ -185,14 +185,14 @@ cd ../
 
 %files util
 %defattr(-,root,root)
-%attr(0755,root,root) %{_sbindir}/bcharge
-%attr(0755,root,root) %{_sbindir}/breset
-%attr(0755,root,root) %{_sbindir}/pppob
-%attr(0755,root,root) %{_bindir}/btool
+%attr(4755,root,barry) %{_sbindir}/bcharge
+%attr(4755,root,barry) %{_sbindir}/breset
+%attr(4755,root,barry) %{_sbindir}/pppob
+%attr(4755,root,barry) %{_bindir}/btool
 %attr(0755,root,root) %{_bindir}/bs11nread
-%attr(0755,root,root) %{_bindir}/bidentify
-%attr(0755,root,root) %{_bindir}/brecsum
-%attr(0755,root,root) %{_bindir}/upldif
+%attr(4755,root,barry) %{_bindir}/bidentify
+%attr(4755,root,barry) %{_bindir}/brecsum
+%attr(4755,root,barry) %{_bindir}/upldif
 %attr(0755,root,root) %{_bindir}/bktrans
 %attr(0755,root,root) %{_bindir}/btranslate
 %attr(0644,root,root) %{_mandir}/man1/btool*
@@ -235,6 +235,13 @@ cd ../
 [ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}
 [ "%{barryroot}" != "/" ] && %{__rm} -rf %{barryroot}
 
+%pre util
+if ! getent group barry > /dev/null
+then
+	groupadd -r barry
+fi
+exit 0
+
 %post -n libbarry
 /sbin/ldconfig
 
@@ -242,6 +249,10 @@ cd ../
 /sbin/ldconfig
 
 %changelog
+* Thu Jul 17 2008 Niels de Vos <[EMAIL PROTECTED]>
+- create system group barry in %pre
+- set setuid bit on some executables for group barry
+
 * Thu May 29 2008 Chris Frey <[EMAIL PROTECTED]> 0.13-1
 - version bump
 - added brecsum

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Barry-devel mailing list
Barry-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/barry-devel