Re: possible bugs in xfs-related packages

To: debian-devel@lists.debian.org
Subject: Re: possible bugs in xfs-related packages
From: Henrique M Holschuh <hmh+debianml@rcm.org.br>
Date: Tue, 23 Nov 1999 15:19:08 -0200
Message-id: <19991123151908.A2356@rivendell.sol>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <v04210105b4606d0a4ad0@[192.168.0.1]>; from erbenson@alaska.net on Tue, Nov 23, 1999 at 07:28:03AM -0900
References: <19991123125317.A1933@rivendell.sol> <v04210105b4606d0a4ad0@[192.168.0.1]>

On Tue, 23 Nov 1999, Ethan Benson wrote:
> On 23/11/99 Henrique M Holschuh wrote:
> 
> >Maybe the xfs packages will need to be started already suid to a xfs user
> >after all... :-(
> 
> I assume you mean its running into permission problems with 
> /var/run/xfs.pid?  (i can't think of anything else it needs 
> privileges for that it does not have as nobody)

I don't really know. xfs-xtt shouldn't need to touch that file when it
receives a SIGUSR1, so why would it die? Now, I don't know about the socket
stuff in /tmp, but something else might be amiss here. That's why I filled
this as a separate bug.

I do know my old xfs-xtt (Xfree86's xfs v.3.3.1 + X-TT patch 1.3) accepted
these signals happly, and it was run in a non priviledged uid.

> this would be solved by the subdirectory in /var/run that xfs can 
> write to its pid.

But the sockets would still be uid nobody, and thus to crash someone's
xserver you only need to break nobody and trash them. This is most certainly
Not a Good Thing.

> and further to this, xfs should not be run as nobody, I do not think 
> anything that writes to files anywhere should be running as nobody 
> but rather its own user (please see recent archives on this)

I agree. The xfs man page actually warns against using -user...

> xfs user defined in debian for this use. (Wichert I think your 
> maintainer of base-passwd, comments?)

That would fix things, and overall improve security, I think. Especially
since attacking xfs results easily in XFree86 crashes, so we're talking
about really easy-to-do DoS here once something running as nobody is
subverted. Heck, you just need to kill -HUP <xfs-xtt pid> as nobody to
manage it right now... 

This is broken Xserver behaviour, of course, and I already filled a bug
against xserver-common, #51086.

This means we either run xfs as root (BAD) or as its own user until Xfree86
learns to cope better with font servers, or we risk a xserver segfault :^(

It's up to the base-passwd, xfs, xfstt and xfs-xtt maintainers now, I think.

> also I think that there should be no files anywhere owned by nobody 
> and currently that is required because the xfs's run as nobody.

Hmm...

# find -user nobody
./var/tmp/.font-unix
./var/tmp/.font-unix/fs7100

and of course the proc entries for processes running as nobody.

So, the only package being nasty in my system by having files owned by
nobody is xfs-xtt.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to:

Follow-Ups:
- Re: possible bugs in xfs-related packages
  - From: Ethan Benson <erbenson@alaska.net>

References:
- possible bugs in xfs-related packages
  - From: Henrique M Holschuh <hmh+debianml@rcm.org.br>
- Re: possible bugs in xfs-related packages
  - From: Ethan Benson <erbenson@alaska.net>

Prev by Date: Re: imap_4.6-4 works, hmm...., partially :(((
Next by Date: Re: Package Pool Proposal
Previous by thread: Re: possible bugs in xfs-related packages
Next by thread: Re: possible bugs in xfs-related packages
Index(es):
- Date
- Thread