Re: setuid binary in ktsuss

2008-02-09 Thread Hubert Chathi 
On Sat, 09 Feb 2008 14:13:30 -0800 Russ Allbery <[EMAIL PROTECTED]> wrote:

> Yves-Alexis Perez <[EMAIL PROTECTED]> writes:
> 
> > I'm about to upload ktsuss to debian, wich is a graphical wrapper
> > around su (much like gksu but without any gnome dependency). One
> > point puzzles me, the ktsuss binary is setuid root (so it can read
> > the root password). gksu doesn't do this (it calls su, I guess).
> 
> I would expect it to use PAM, which uses the setuid unix_chkpwd
  ^^^
As long as you're using pam_unix.  It appears that if you use
pam_unix2, you still need to be suid, since pam_unix2 doesn't have its
own suid wrapper [1].  (I don't know what it's like with pam_pwdfile,
etc.)

Now, whether pam_unix2 should use a wrapper or not is the subject of a
different flamewar...

[1] http://bugs.debian.org/295526
http://bugs.debian.org/362954

> binary. If it's not using PAM, that's probably a bug.
> 


-- 
Hubert Chathi <[EMAIL PROTECTED]> -- Jabber: [EMAIL PROTECTED]
PGP/GnuPG key: 1024D/124B61FA http://www.uhoreg.ca/
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: setuid binary in ktsuss

2008-02-09 Thread Russ Allbery 
Yves-Alexis Perez <[EMAIL PROTECTED]> writes:

> I'm about to upload ktsuss to debian, wich is a graphical wrapper around
> su (much like gksu but without any gnome dependency). One point puzzles
> me, the ktsuss binary is setuid root (so it can read the root password).
> gksu doesn't do this (it calls su, I guess).

I would expect it to use PAM, which uses the setuid unix_chkpwd binary.
If it's not using PAM, that's probably a bug.

-- 
Russ Allbery ([EMAIL PROTECTED])   


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

setuid binary in ktsuss

2008-02-09 Thread Yves-Alexis Perez 
Hi,

I'm about to upload ktsuss to debian, wich is a graphical wrapper around
su (much like gksu but without any gnome dependency). One point puzzles
me, the ktsuss binary is setuid root (so it can read the root password).
gksu doesn't do this (it calls su, I guess).

I don't really want to upload a setuid binary if it's not safe, but the
code looks good (and is really tiny). Could some people on this list
take some time and check the code?

dsc can be found at:
http://molly.corsac.net/~corsac/debian/ktsuss_1.3-1.dsc

Thanks for your time,
-- 
Yves-Alexis


signature.asc
Description: This is a digitally signed message part