Package: open-iscsi Version: 2.0.871.3-1 Severity: normal
The iscsid daemon only allows root to manage the iscsi disks. To check that the user is root it fist gets the uid, then calls getpwent on the uid and then compares the username with the string "root". This is imho stupid and superfluous as just comparing the uid to zero would give the same level of sucurity wiht much less code. What's more, there is no /etc/passwd in initramfs. This patch just installs a default pwent entry for root in case getpwent fails. However, ripping out the junk with getpwent is suggested. I tried with the 2.0.870-rc3 iscsid but the patch still applies. -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (900, 'stable'), (700, 'testing'), (500, 'oldstable'), (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.34-rc5-atom64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages open-iscsi depends on: ii libc6 2.10.2-9 Embedded GNU C Library: Shared lib ii udev 154-1 /dev/ and hotplug management daemo open-iscsi recommends no packages. open-iscsi suggests no packages. -- no debconf information
There is no /etc/passwd in initramfs so authentication using getpwent fails. It is stupid anyway, just checking that the uid is zero would be much simpler and provide the same level of security. diff -ur open-iscsi-2.0.870~rc3/usr/mgmt_ipc.c open-iscsi-2.0.870~rc3.default_user/usr/mgmt_ipc.c --- open-iscsi-2.0.870~rc3/usr/mgmt_ipc.c 2008-09-26 01:53:08.000000000 +0200 +++ open-iscsi-2.0.870~rc3.default_user/usr/mgmt_ipc.c 2009-09-10 23:31:05.000000000 +0200 @@ -359,9 +359,15 @@ pass = getpwuid(peercred.uid); if (pass == NULL) { - log_error("peeruser_unix: unknown local user with uid %d", - (int) peercred.uid); - return 0; + if(peercred.uid) { + log_error("peeruser_unix: unknown local user with uid %d", + (int) peercred.uid); + return 0; + } else { + log_error("peeruser_unix: getpwuid failed for uid 0, returning root"); + strncpy(user, "root", PEERUSER_MAX); + return 1; + } } strncpy(user, pass->pw_name, PEERUSER_MAX);