Package: ninja
Version: 0.1.3-2
Severity: important

Dear Maintainer,

I ran ninja from a root shell while logged into a standard user account,
initially with the attached ninja.conf and whitelist files using the
command "ninja /etc/ninja/ninja.conf".

"su" and "sudo" entries were removed from the whitelist file, and only
GID 0 was specified as the "magic group".

The (one and only) standard user account on this installation has a GID
of 1000.

I tested ninja by running "su" and "sudo synaptic -h" from a standard
user shell, and both times they were allowed to run. Here are samples
of entries from the ninja log file:

NEW ROOT PROCESS: su[1763] ppid=1758 uid=0 gid=1000
  - ppid uid=1000(user) gid=1000 ppid=1699
  + user is in magic group, all OK!
NEW ROOT PROCESS: sudo[1891] ppid=1850 uid=0 gid=1000
  - ppid uid=1000(user) gid=1000 ppid=1699
  + user is in magic group, all OK!

I tried the above again after re-running ninja without a ninja.conf
specified and experienced the same results.

I had expected both su and sudo to be blocked by ninja since neither
was in the whitelist file and the user account was not in the magic
group.

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.14-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages ninja depends on:
ii  libc6      2.19-7
ii  logrotate  3.8.7-1

ninja recommends no packages.

ninja suggests no packages.

-- Configuration Files:
/etc/ninja/ninja.conf changed:
group = 0
daemon = yes
interval = 0
logfile = /root/ninja.log
whitelist = /etc/ninja/whitelist
external_command = '!!! PRIVILEGE ESCALATION DETECTED !!!'
no_kill = no
no_kill_ppid = no
ignore_root_procs = yes
log_whitelist = no
require_init_wlist = no
proc_scan_offset = 0

/etc/ninja/whitelist changed:
/bin/fusermount:users:
/usr/bin/passwd:users:
/usr/bin/pulseaudio:users:
/usr/sbin/hald:haldaemon:
/usr/lib/hal/hald-runner:haldaemon:


-- no debconf information
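
Added example, not part of the original report and not ninja's own code: a triage script that re-checks each "user is in magic group" acceptance in a ninja log against the "group" value in ninja.conf. It assumes the three-line log layout quoted in the report; the sample strings and the member_gids mapping (user name to GIDs, e.g. from `id -G user`) are constructed for illustration.

```python
import re

# Constructed samples: the log entries and the "group" setting quoted in the report.
SAMPLE_LOG = """\
NEW ROOT PROCESS: su[1763] ppid=1758 uid=0 gid=1000
  - ppid uid=1000(user) gid=1000 ppid=1699
  + user is in magic group, all OK!
NEW ROOT PROCESS: sudo[1891] ppid=1850 uid=0 gid=1000
  - ppid uid=1000(user) gid=1000 ppid=1699
  + user is in magic group, all OK!
"""
SAMPLE_CONF = "group = 0\ndaemon = yes\n"

# Line patterns inferred from the quoted log (an assumption, not a documented format).
NEW_PROC = re.compile(r"^NEW ROOT PROCESS: (\S+)\[(\d+)\] ppid=\d+ uid=\d+ gid=\d+")
PARENT = re.compile(r"^\s+- ppid uid=\d+\(([^)]+)\) gid=(\d+)")
ACCEPTED = "user is in magic group"


def magic_gid(conf_text):
    """Return the numeric 'group' setting from ninja.conf text, or None."""
    m = re.search(r"^\s*group\s*=\s*(\d+)\s*$", conf_text, re.M)
    return int(m.group(1)) if m else None


def suspicious_accepts(log_text, conf_text, member_gids):
    """Return (process, pid, user) for every magic-group acceptance where the
    parent's user holds the configured GID neither as the primary group shown
    in the log nor in member_gids[user] (supplementary groups)."""
    magic = magic_gid(conf_text)
    findings, proc, parent = [], None, None
    for line in log_text.splitlines():
        if m := NEW_PROC.match(line):
            proc, parent = (m.group(1), int(m.group(2))), None
        elif m := PARENT.match(line):
            parent = (m.group(1), int(m.group(2)))
        elif ACCEPTED in line and proc and parent:
            user, gid = parent
            if magic not in ({gid} | member_gids.get(user, set())):
                findings.append((proc[0], proc[1], user))
            proc = parent = None
    return findings


if __name__ == "__main__":
    for name, pid, user in suspicious_accepts(SAMPLE_LOG, SAMPLE_CONF, {"user": {1000}}):
        print(f"{name}[{pid}] accepted via magic group, but {user} is not a member")
```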

