Package: xinetd
Version: 1:2.3.13-3
Severity: important
From: Philipp Grau <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: xinetd: tcpmux does not change the uid of server process
Using the TCPMUXPLUS internal service of xinetd does not work as
expected. xinetd does not change the uid of a server process if the
service is called via TCPMUX(PLUS). The configuration attribute "user"
does not take any effect.
Example to reproduce the error:
Using the following configuration:
----------8<--------snipp---------8<-------------------------
# cut'n'paste from xinetd.conf(5)
service tcpmux
{
        disable         = no
        type            = INTERNAL
        id              = tcpmux
        socket_type     = stream
        protocol        = tcp
        user            = root
        wait            = no
}
# test example
service test_server
{
        disable         = no
        type            = TCPMUXPLUS
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = testuser
        server          = /usr/bin/id
}
----------8<--------snipp---------8<-------------------------
Using the above configuration we get the following result:
$ telnet 127.0.0.1 1
Trying 127.0.0.1...
test_server
+Go
uid=0(root) gid=0(root) groups=0(root)
Connection closed by foreign host.
The expected result would have been:
$ telnet 127.0.0.1 1
Trying 127.0.0.1...
test_server
+Go
uid=1000(testuser) gid=1000(testuser) groups=1000(testuser)
Connection closed by foreign host.
Further hints:
After looking through the sources, it seems like there is something
missing in the TCPMUX implementation. The sub-service is called by
exec_server() and then an execve() is called to start the external
program. No setuid() before the execve().
A setuid() call is only made for child_process() in set_credentials().
So it is possible to run TCPMUX under a different uid, but not the
sub-service.
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.11.10.20050519
Locale: LANG=C, LC_CTYPE=de_DE.ISO8859-1 (charmap=ISO-8859-1)
Versions of packages xinetd depends on:
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra
hi netbase 4.19 Basic TCP/IP networking system
-- no debconf information
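The missing step described in the report, as an added example that is not xinetd's code or its eventual fix: a child that sets groups, gid and uid (in that order) before execve(), and refuses to start the server if any step fails. The names drop_privileges(), run_server_as() and DROP_FAILED are hypothetical, and uid/gid 1000 is a constructed value taken from the expected output above.

```c
#define _DEFAULT_SOURCE 1   /* for setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

#define DROP_FAILED 126     /* child exit status when credentials could not be set */

/* Permanently switch to uid/gid. Order matters: supplementary groups and
 * gid first, uid last, because after setuid() to a non-root user the
 * process can no longer change its groups. Returns 0 on success, -1 on failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0)        return -1;
    if (setuid(uid) != 0)        return -1;
    /* Verify: ids are what we asked for, and root cannot be regained. */
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    if (uid != 0 && setuid(0) == 0)          return -1;
    return 0;
}

/* Fork, drop to uid/gid in the child, then execve() the server.
 * Fails closed: if the drop fails, the server is never executed.
 * Returns the child's exit status, or -1 on fork/wait error. */
int run_server_as(uid_t uid, gid_t gid, const char *path, char *const argv[])
{
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (drop_privileges(uid, gid) != 0) _exit(DROP_FAILED);
        execve(path, argv, envp);
        _exit(127);  /* execve() only returns on error */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed values: uid/gid 1000 mirror "testuser" in the report's output. */
    char *const argv[] = { "id", NULL };
    int rc = run_server_as(1000, 1000, "/usr/bin/id", argv);
    printf("child exit status: %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

Run as root, the child prints the target user's ids; run unprivileged, the child exits with DROP_FAILED and /usr/bin/id is never executed.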