On Sun, Jan 26, 2003 at 10:24:58AM +0100, Ralf S. Engelschall wrote:
>On Sat, Jan 25, 2003, Bill Campbell wrote:
>
...snip....
>But you're right: perhaps we should not even recommend to use the
>management user for building, but the nobody user. Hmmm... your points
>are worth considering more, because here we have a subtle issue on
>which we should investigate more and discuss it in depth. What are the
>opinions of others?
>
>> This ties back to my question last week about the security implications of
>> running package rc.%{name} files which are writeable by users other than
>> root. If the working directories are owned by %{l_susr} (defaulting to
>> root), this goes a long way towards securing these scripts. A further step
>> would be for the etc/rc script to check the ownership of any files, and
>> their directory components running with root privileges to ensure that
>> they're only writeable by %{l_susr}.
>
>Perhaps you've missed my reply, but from a security point of view IMHO
>we do not gain very much by doing it just this way. Because the problem
>is that all rc scripts themselves call other programs, etc. And this way
>all the super user ownerships and tests are useless as long as just a
>single program of this is not owned by the super user, aren't they?

It's been a long time since I looked closely at the code for COPS, but if I
remember correctly, this is what the kuang tests do, check down through the
chains of execution for files with suspicious ownership. Looking at the code
I have here which hasn't been updated since 2000 or so, it doesn't look like
it deals with the current Linux crontab model so doesn't parse the
/etc/crontab file (I'll have to do a bit of hacking tonight :-).

I've found COPS to be very useful, particularly in evaluating a vendor's
default installation. In one case, SCO released a version of OpenServer with
777 permissions on ``/'' and throughout their symlink hell, /opt/SCO.... This
happened between the final beta cut and FCS (First Customer Ship). I found it
with COPS, immediately notified some friends at SCO, and to their credit SCO
stopped shipping that version until they recut it with the holes closed.

Bill
--
INTERNET:   [EMAIL PROTECTED]   Bill Campbell; Celestial Software LLC
UUCP:       camco!bill          PO Box 820; 6641 E. Mercer Way
FAX:        (206) 232-9186      Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/

``Freedom from prices is freedom from responsibility. You can simply pass
laws, using the magic wand of government to satisfy your own desires at
unspecified costs to be paid by others.'' -- Thomas Sowell Aug 2000
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
Developer Communication List                   [EMAIL PROTECTED]
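
The check proposed in the thread for etc/rc (ownership and write permission of a script and of every directory component above it), as an added example that is not part of the original messages or of OpenPKG's code; the function names, the `stop_at` prefix parameter and the sample tree are assumptions. It audits only the path of the script itself, not the programs the script goes on to call, which is the limit raised in the quoted reply.

```python
import os
import stat
import tempfile

def audit_chain(path, trusted_uid=0, stop_at="/"):
    """Walk from `path` up to `stop_at` and return (component, reason) pairs
    for anything a user other than `trusted_uid` could modify or replace."""
    findings = []
    current = os.path.abspath(path)
    stop_at = os.path.abspath(stop_at)
    while True:
        st = os.lstat(current)  # lstat: judge the link itself, do not follow it
        if stat.S_ISLNK(st.st_mode):
            findings.append((current, "symlink (target not audited)"))
        else:
            if st.st_uid != trusted_uid:
                findings.append((current, "owned by uid %d" % st.st_uid))
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                mode = stat.S_IMODE(st.st_mode)
                findings.append((current, "group/world writable (%04o)" % mode))
        parent = os.path.dirname(current)
        if current == stop_at or parent == current:
            return findings
        current = parent

def build_sample_tree():
    """Constructed sample: <tmp>/etc/rc.d/rc.foo with a group-writable rc.d."""
    prefix = tempfile.mkdtemp()
    rcdir = os.path.join(prefix, "etc", "rc.d")
    os.makedirs(rcdir)
    script = os.path.join(rcdir, "rc.foo")
    with open(script, "w") as fh:
        fh.write("#!/bin/sh\n")
    os.chmod(os.path.join(prefix, "etc"), 0o755)
    os.chmod(rcdir, 0o775)   # the weak link: group members can swap rc.foo
    os.chmod(script, 0o755)
    return prefix, script

if __name__ == "__main__":
    prefix, script = build_sample_tree()
    # Assumption: the current user stands in for %{l_susr} so the demo runs unprivileged.
    for component, reason in audit_chain(script, os.getuid(), prefix):
        print("REFUSE: %s is %s" % (component, reason))
```

A directory that fails the check matters as much as the file, since anyone who can write to it can rename the script away and put another in its place.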