Bug#356016: marked as done (chpst: setting of multiple groups using -u is broken)

Mon, 20 Mar 2006 15:00:27 -0800 

Your message dated Mon, 20 Mar 2006 14:34:12 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#356016: fixed in runit 1.4.1-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: runit
Version: 1.3.3-1
Severity: critical
Tags: security
Justification: root security hole

Hi Gerrit,

As I told you during lunch a few weeks ago, the chpst binary in the
Sid package of runit behaves buggy regarding multiple groups in the
-u parameter:

$ strace -s 4096 -f /usr/bin/chpst -u 
nobody:ipod:nogroup:camera:mythtv/bin/sleep 1 2>&1 | grep setgroups

setgroups(4, [1006, 0, 65534, 0])       = 0

The 0 groups are wrong here, so the process gets permissions for the
root group where is shouldn't!

The correct group IDs look like this:

$ grep -E "ipod|nogroup|camera|mythtv" /etc/group
nogroup:x:65534:
mythtv:x:110:scorpion
ipod:x:1006:scorpion
camera:x:1009:scorpion

A chpst binary built using just "make" on my unstable system (which will be
linked against glibc) behaves correctly:

$ strace -s 4096 -f src/runit-1.3.3/admin/runit-1.3.3/src/chpst -u 
nobody:ipod:nogroup:camera:mythtv /bin/sleep 1 2>&1 | grep setgroups

setgroups32(4, [1006, 65534, 1009, 110]) = 0

I think the reason is that dietlibc handles the gid_t type as 16 bit on
i386. In /usr/include/diet/sys/types.h, I found this:

#elif defined(__arm__) || defined(__i386__) || defined(__sparc__) || 
defined(__s390__) /* make sure __s390x__ hits before __s390__ */
    typedef uint16_t dev_t;
    typedef uint16_t gid_t;

Whereas glibc uses 32 bit for gid_t on i386.

In chpst, a struct uidgid will be used to build the list for setgroups,
and it uses int for the groups:

struct uidgid {
  int uid;
  int gid[61];
  int gids;
};

Therefore, on the little endian i386 architecture with dietlibc, the
list of 32 bit values supplied by chpst will be threated as a list of
16 bit values in setgroups(), resulting in a 0 on each second list entry.

I suggest to use gid_t in the struct uidgid to fix this.

Regards,
Tino

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15.1
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: runit
Source-Version: 1.4.1-1

We believe that the bug you reported is fixed in the latest version of
runit, which is due to be installed in the Debian FTP archive:

runit_1.4.1-1.diff.gz
  to pool/main/r/runit/runit_1.4.1-1.diff.gz
runit_1.4.1-1.dsc
  to pool/main/r/runit/runit_1.4.1-1.dsc
runit_1.4.1-1_i386.deb
  to pool/main/r/runit/runit_1.4.1-1_i386.deb
runit_1.4.1.orig.tar.gz
  to pool/main/r/runit/runit_1.4.1.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gerrit Pape <[EMAIL PROTECTED]> (supplier of updated runit package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 20 Mar 2006 19:34:34 +0000
Source: runit
Binary: runit
Architecture: source i386
Version: 1.4.1-1
Distribution: unstable
Urgency: low
Maintainer: Gerrit Pape <[EMAIL PROTECTED]>
Changed-By: Gerrit Pape <[EMAIL PROTECTED]>
Description: 
 runit      - a UNIX init scheme with service supervision
Closes: 356016
Changes: 
 runit (1.4.1-1) unstable; urgency=low
 .
   * new upstream version.
     * fixes setting of multiple groups with dietlibc (thx Tino Keitel,
       closes: #356016).
   * debian/rules: no longer install the runsvctrl, runsvstat, svwaitdown,
     svwaitup programsi an man pages, use sv instead; move getty-5 service
     directory to /etc/sv/getty-5/; move /var/run/getty-5/ to
     /var/run/sv.getty-5/.
   * debian/runit.conffiles: adapt.
   * debian/runit.preinst, debian/runit.postinst: move conffiles, preserve
     user changes.
Files: 
 1c937584de66d48f9d9e9505eb467947 628 admin optional runit_1.4.1-1.dsc
 00c52272eddab7a8cba5dac128dc79c0 102958 admin optional runit_1.4.1.orig.tar.gz
 bfdd3a854282d0fdf174e4d72d39a858 8328 admin optional runit_1.4.1-1.diff.gz
 2d0d628e7e3183f72aef25e6b6872e66 100108 admin optional runit_1.4.1-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEHwlAGJoyQbxwpv8RAjQAAJ4/zMzSEQOG/34sqiRrTftRKXkiUACeMksr
Vlj54nwh2O3mVEzN1vybuBM=
=9IFQ
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to