Re: permissions on setuid binaries



Daniel Quinlan wrote:

>>  Using shadow passwords fixes this unless you install a package
>>  that includes a setuid root program that is not configured or
>>  designed properly to run setuid root.

Christoph Lameter <clameter@waterf.org> writes:

> Have you ever checked the facts on the claim that I have done
> something like making a binary universally accessible with suid bit
> set that was not designed to be like that?
>
> If so could you finally point that binary out?

These are both complex questions, also known as the fallacy of
interrogation.  A classic example is "Have you stopped beating your
wife?"  Giving a simple answer to loaded questions can be used by the
interrogator to establish untrue or unverified information. [*]

In this case, the questions are "complex" because I have not made such
a vague claim and I have already pointed out the binary.

Nevertheless, at the time of my posting, /usr/bin/dos met my original
criteria for an insecure program (as quoted above).  It is:

  * Setuid root.

  * Not configured properly to run setuid root, i.e., "all" in users
    file.

  * Not designed properly to run setuid root, i.e., doesn't apply the
    principle of least access (only execute code with euid 0 when
    absolutely required -- reading configuration files doesn't count!)

I haven't checked the dosemu source, but I would be very surprised if
it installed /usr/bin/dos setuid root *and* put "all" in the users file.

In addition, /usr/sbin/pppd was not setuid for at least a year until
you became the maintainer (see your own changelog).  After a brief
examination of the pppd source code, I would say that it is NOT SAFE
to run pppd setuid root.  And although this appears to be the default
installation behavior for the package, it was not the default behavior
for Debian until more recently.

Since Christoph claims to have fixed these problems, I am inclined to
move security-related discussion to other insecure packages.

Dan

[*] I would highly recommend reading "Constructing a Logical Argument",
    located at <URL:http://www.infidels.org/news/atheism/logic.html>.

-- 
Daniel Quinlan <quinlan@pathname.com>  |  finger quinlan@pathname.com for PGP
quinlan@transmeta.com (at work)        |  http://www.pathname.com/~quinlan/

--
Please respect the confidentiality of material on the debian-private list.
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
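
The third criterion in the message above (run with euid 0 only when absolutely required, and not while reading configuration files), written out as an added example that is not part of the original message and is not dosemu or pppd code. The helper name read_config_as_invoker and the file passed to it are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper: read a config file with the invoking user's
 * identity instead of root's. Returns bytes read, or -1 on any failure. */
ssize_t read_config_as_invoker(const char *path, char *buf, size_t len)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    ssize_t n = -1;

    /* Drop the group first: once euid is no longer 0, setegid() would fail. */
    if (len == 0 || setegid(getgid()) != 0 || seteuid(getuid()) != 0)
        return -1;
    /* Fail closed if the drop did not take effect. */
    if (geteuid() != getuid() || getegid() != getgid())
        return -1;

    /* The kernel now checks the user's own permissions; no symlink at the end. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd >= 0) {
        n = read(fd, buf, len - 1);
        if (n >= 0)
            buf[n] = '\0';
        close(fd);
    }

    /* Regain privilege in reverse order for the step that really needs it. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0)
        return -1;
    return n;
}

int main(int argc, char **argv)
{
    char buf[4096];
    if (argc != 2 || read_config_as_invoker(argv[1], buf, sizeof buf) < 0) {
        fprintf(stderr, "usage: %s CONFIG (must be readable by you)\n", argv[0]);
        return EXIT_FAILURE;
    }
    fputs(buf, stdout);
    return EXIT_SUCCESS;
}
```

The swap is reversible because the saved set-user-ID stays 0; a program that no longer needs root at all should drop it permanently instead.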