[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: mandb wrapper scripts



On Tue, Feb 08, 2000 at 01:43:23PM -0800, Joey Hess wrote:
> Ok, I'm confused. The changelog says:
> 
>   * security fix: moved setuid binaries to /usr/lib/man-db and added
>     shell wrapper to execute as user nobody when invoked by root.
>     This would avoid having anybody running man as root, or cron running
>     mandb.
> 
> Was this done out of sheer paranioa, or is there a real security hole this
> addresses?

Like most of the security stuff, it's paranoia level is quite high:

	> Debian's /usr/bin/man is setuid "man", not setuid "root".
 
	This should not be viewed as a cure-all. In fact it doesn't
	really offer much added security over being setuid root. An
	attacker that gained access as user "man" could then modify the
	man binary itself and wait until root runs it.

Now think that this is not only concerning "man" binary, but also
"mandb" binary, which is weekly run by cron as root.
Also the "usage" for it says that it must be run by root.


fab
-- 
| fab@pukki.ntc.nokia.com     fpolacco@prosa.it    fpolacco@debian.org
| 6F7267F5 fingerprint 57 16 C4 ED C9 86 40 7B 1A 69 A1 66 EC FB D2 5E
| fabrizio.polacco@nokia.com                  gsm: +358 (0)40 707 2468


Reply to: