Menu
▾
▴
Re: privbind security and improvements
|
From: Christian J. <ch...@gm...> - 2010-04-03 23:06:13
|
Hello I'm now sending to the mailing list. 2010/4/3 Shachar Shemesh <sh...@de...>: >> Christian Jaeger wrote: >> >> Hello >> >> I've got a couple things to mention apart from the bug report. >> >> I've only found privbind yesterday, and I like it's design. I was >> suspicious about it's inner workings (and, of course, whether it will >> be secure), which is why I found the overflow; but I've also found a >> couple other problems. Probably the biggest is that when it changes >> user, it doesn't restrict the environment of the process in any way: >> it neither sets the HOME env variable (nor any other), which should >> not be a security issue but maybe the reason for a couple problems >> people have reported, nor resource limits, which means that the >> program running under privbind may be getting relaxed limits that only >> the root user is supposed to receive. >> >> > > Thank you. The proper place to discuss these is on the privbind mailing list > https://lists.sourceforge.net/lists/listinfo/privbind-devel > >> I've put up the git repo with my patches: >> (...) >> >> > > Privbind is hosted on Sourceforge, and uses SVN. As such, git is a rather > non-straight forward solution to pulling patches (and is not the way > privbind is developed, anyways). > > The best thing is to go through the list. > > Thank you, > Shachar Ok, I'm subscribed to the list now. I prefer developing with Git; Git should also be better suited for other people like me who want to contribute quickly and easily, to commit their developments locally before submitting them, which means they can incrementally save their work easily before having an SVN account and their work can later be included easily and, as a plus, while keeping authorship information. But whatever, I'm synching from SVN now and committing to SVN will be straight-forward once I'll get write access to the SVN repo. I've put up my tree including the SVN history at: http://github.com/pflanze/privbind I intend to sync incrementally so that other people who wish to work with Git could also clone from there. The two relevant branches are "pu" and "notes". In "pu" (proposed updates) are patches that I think could be included in the official distribution. In "notes" there are a number of commits (on top of those in "pu") that add notes to the source code which either try to highlight my understanding of the code, or more often, my non-understanding; these are not meant to be included in the code base, I've just collected them this way because that was easy to do for me and should show my thoughts clearly. I think it would be useful to add proper explanations as comments in the code for some of these. In "build" I've got the debian patches and other commit that are only relevant for me to build the package. You can look at the commits of these two branches at: http://github.com/pflanze/privbind/commits/pu http://github.com/pflanze/privbind/commits/notes But actually "gitk --all" is still better at giving an overview than the github web app. So if you've got git (including gitk) installed, run git clone git://github.com/pflanze/privbind.git cd privbind gitk --all (The "dev" branch contains my patches before I sorted them out into "pu" and "notes"; I'll probably just drop it soon.) You can also see the diff over all notes at: http://github.com/pflanze/privbind/compare/build...notes You could also check out with SVN, Github has just announced SVN access support a couple days ago, but I haven't really tested it: svn checkout http://svn.github.com/pflanze/privbind.git Tell me if you've got problems with my setup. I'm always busy, but I may contribute further if you find the time to clear up my questions; I also think that for the setuid part of the code one should get informed about what su is doing, and implement the missing parts or possibly link some "su library" instead (maybe this is in libpam, dunno). Cheers Christian. |