pkgsrc-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

pkg/55765: make security/priv work with per_user_tmp=YES

>Number:         55765
>Category:       pkg
>Synopsis:       make security/priv work with per_user_tmp=YES
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Oct 29 07:30:00 +0000 2020
>Originator:     Kimmo Suominen
>Release:        NetBSD 9.1
System: NetBSD 9.1 NetBSD 9.1 (GENERIC) #0: Sun Oct 18 19:24:30 UTC 2020 amd64
Architecture: x86_64
Machine: amd64

	Using security/priv to run commands as another user on a
	system with per_user_tmp=YES is not practical, because
	after switching to another user /tmp no longer exists. This
	is because the /private/tmp/@ruid target is created by
	setusercontext(3), and security/priv does not call it (using
	setuid(2)/setgid(2)/initgroups(3) instead).


	% su -m
	# pkg_add priv
	# echo 0:root:0000000: > /usr/pkg/etc/priv/${USER}
	# rm -rf /private/tmp/0

	Alternatively reboot the system, which would be the common cause
	for /private/tmp/0 no longer existing.

	% priv vipw
	ex/vi: Error: Log file: No such file or directory
	vipw: /usr/bin/vi: Undefined error: 0
	vipw: /etc/master.passwd: unchanged

	[The error from vi is also not as helpful as it could be.]


	Proposed patch:

	Workaround: Only authorize users using the F_SU flag in the priv
	configuration files. This requires creating the corresponding
	"su-target" or "sutarget" links as well.

Home | Main Index | Thread Index | Old Index